2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the pid parameter in a peoplecard action. NOTE: this might overlap CVE-2006-2564...
CVE-2006-2564
CVE-2006-2564 concerns multiple XSS vulnerabilities in the index.php of AlstraSoft E-Friends. The vulnerability enables remote attackers to inject arbitrary web script or HTML by performing actions such as posting a blog, listing, event, adding comments, or sending a message. Connected records co...