CVE-2006-2953
CVE-2006-2953 describes an XSS in OfficeFlow 2.6 and earlier via the sqlType parameter in default.asp. The vulnerability enables remote attackers to inject arbitrary script/HTML, with network attack vector, no confidentiality impact and partial integrity impact according to the cited metrics (I:P...