Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
References
Configurations
History
No history.
Information
Published : 2007-02-24 01:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-7059
Mitre link : CVE-2006-7059
CVE.ORG link : CVE-2006-7059
JSON object : View
Products Affected
scriptsez.net
- e-dating_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')