Vulnonym.com

CVE-2006-5127 - Thinkable Blades

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

Reference

http://www.majorsecurity.de/index_2.php?major_rls=major_rls28
http://download.compresso.de/compresso-4.0.5a.zip
http://www.securityfocus.com/bid/20273
http://secunia.com/advisories/22145
http://securityreason.com/securityalert/1671
http://www.vupen.com/english/advisories/2006/3868
https://exchange.xforce.ibmcloud.com/vulnerabilities/29272
http://www.securityfocus.com/archive/1/447358/100/0/threaded