2 matches found
CVE-2006-3246
Cross-site scripting XSS vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter...
CVE-2006-3246
CVE-2006-3246 describes a stored/reflected XSS in GL-SH Deaf Forum 6.4.3 and earlier, exploitable via the sort parameter in show.php. Impact: attacker can inject arbitrary script/HTML. Root cause: insufficient input sanitization for the sort parameter. Public remediation details are not provided ...