CVE-2013-5983 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) \an\ parameter to agenda.php or (2) cat parameter to mobile/thread.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-10/0111.html http://osvdb.org/98841 http://osvdb.org/98880 http://packetstormsecurity.com/files/123747 http://www.freeguppy.org/thread.php?lng=en&pg=244900&cat=200 https://exchange.xforce.ibmcloud.com/vulnerabilities/88247 https://www.htbridge.com/advisory/HTB23176