CVE-2006-3607 – SoftBiz Banner Exchange Script 1.0 - 'gen_confirm_mem.php?PHPSESSID' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-3607

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Softbiz Banner Exchange Script (también conocido como Banner Exchange Network Script) 1.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de el parámetro (1) city de (a) insertmember.php, y (2) una cookie PHPSESSID en (b) lostpassword.php, (c) gen_configm_mem.php, y (d) index.php. • https://www.exploit-db.com/exploits/28139 https://www.exploit-db.com/exploits/28140 https://www.exploit-db.com/exploits/28137 https://www.exploit-db.com/exploits/28138 http://ellsec.org/print.php?type=N&item_id=141 http://www.securityfocus.com/archive/1/438705/100/200/threaded http://www.securityfocus.com/bid/18735 https://exchange.xforce.ibmcloud.com/vulnerabilities/27460 https://exchange.xforce.ibmcloud.com/vulnerabilities/27461 •