CVE-2006-5530

Description

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Affected products

• boesch_it-consulting / simpnews2.34
• boesch_it-consulting / simpnews2.0.1 – 2.0.1
• boesch_it-consulting / simpnews2.13 – 2.13
• boesch_it-consulting / simpnews2.30 – 2.30

References

• MISChttp://www.securityfocus.com/bid/20714
• VENDOR_ADVISORYhttp://secunia.com/advisories/22535
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4162
• MISChttp://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php