CVE-2006-2746
The vulnerability is in F@cile Interactive Web 0.8.5 and earlier, where multiple XSS flaws exist. Specifically, the application accepts user-supplied input through (1) lang in index.php and (2) mytheme and (3) myskin in various p-themes’ index.inc.php files (including lowgraphic, classic, puzzle,...