CVE-2006-5146 - Stuffed Sky

Description

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php or the (2) action parameter in (b) tem.php and (c) uss.php.

Reference

http://www.attrition.org/pipermail/vim/2006-October/001065.html http://www.securityfocus.com/bid/20280 http://securityreason.com/securityalert/1679 https://exchange.xforce.ibmcloud.com/vulnerabilities/29291 http://www.securityfocus.com/archive/1/447427/100/0/threaded