CVE-2008-2196

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178...

CVE-2008-2196

The CVE-2008-2196 entry concerns a Cross-Site Scripting (XSS) flaw in LifeType; specifically admin.php handles addBlogUser via the newBlogUserName parameter (LifeType 1.2.8). The vulnerability allows remote attackers to inject arbitrary script/HTML, a vector distinct from CVE-2008-2178. Public re...