Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.
CPE | Name | Operator | Version |
---|---|---|---|
dbbs | eq | 2.0 | |
dbbs | eq | <= 2.0-alpha |