Vulnonym.org

CVE-2008-2644 - Masked Locust

Description

Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php the (2) keyword parameter to search.php the (3) page parameter to bb.php and the (4) new_s parameter to order.php.

Reference

http://secunia.com/advisories/30477 http://www.securityfocus.com/bid/29496 https://exchange.xforce.ibmcloud.com/vulnerabilities/42813 https://www.exploit-db.com/exploits/5725 http://www.securityfocus.com/archive/1/493130/100/0/threaded