Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2010-12-29T19:00:00Z
Updated: 2024-09-16T17:24:07.287Z
Reserved: 2010-12-29T00:00:00Z
Link: CVE-2010-4607

No data.

Status : Modified
Published: 2010-12-29T22:33:21.790
Modified: 2024-11-21T01:21:20.597
Link: CVE-2010-4607

No data.