2 matches found
CVE-2010-4607
CVE-2010-4607 relates to Habari 0.6.5, where multiple XSS vulnerabilities exist via the vulnerable parameters additem_form (system/admin/dash_additem.php) and status_data[] (system/admin/dash_status.php). The underlying issue is input sanitation that allows injected HTML/script. Exploitation deta...
CVE-2010-4607
Multiple cross-site scripting XSS vulnerabilities in Habari 0.6.5, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 additemform parameter to system/admin/dashadditem.php and the 2 statusdata parameter to system/admin/dashstatus.php. NOTE: so...