2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to comments.php or 2 pollid parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616...
CVE-2006-1616
CVE-2006-1616 involves multiple SQL injection vulnerabilities in Advanced Poll 2.02. The affected component is the poll software’s pages where the (1) id parameter passed to comments.php and (2) poll_id parameter passed to page.php can be exploited to execute arbitrary SQL commands. The NVD entry...