Maximus.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The InfoGuard Group Vulnerability Summary 2006-04 Application: Maximus' iCue and iParent http://www.schoolmax.net Versions: All Bugs: Cross-Site Scripting XSS Date: 18 June 2006 Author: Charles H. E-mail: [email protected] Website:...

CVE-2006-3143

The CVE CVE-2006-3143 affects Maximus SchoolMAX 4.0.1 and earlier iCue/iParent applications, where the icue_login.asp page is vulnerable to reflected cross-site scripting via the error_msg parameter. The underlying issue is improper handling of user-supplied input, allowing an attacker to inject ...