CVE-2011-5176

Multiple cross-site scripting XSS vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 q or 2 category parameter...

CVE-2011-5176

Banana Dance’s search.php contains multiple XSS vulnerabilities exploitable via the q and category parameters. Affected: versions prior to B.1.5. Root cause: insufficient input sanitization in search.php. Impact: remote injection of arbitrary script/HTML. Remediation: upgrade to B.1.5 or newer; a...