CVE-2011-1953 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P a (2) STRONG a (3) A a (4) EM a (5) I a (6) IMG a (7) LI an (8) OL a (9) VIDEO or a (10) BLOCKQUOTE element.

Reference

http://javierb.com.ar/2011/06/01/postrev-vunls/ http://postrev.com.ar/verpost.php?id_noticia=59 http://securityreason.com/securityalert/8270 http://www.securityfocus.com/archive/1/518205/100/0/threaded http://www.securityfocus.com/bid/47967