CVE-2006-1617

Properties

Published:
04.04.2006
Updated:
05.04.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    Advanced Poll: Advanced Poll

    Vulnerability description

    Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.  NOTE: it is possible that this issue is resultant from CVE-2006-1616.

    References:

    http://ns79.hosteur.com/~secuti/advancedpoll.txt:http://ns79.hosteur.com/~secuti/advancedpoll.txt