Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
References 4 Total
- securityfocus.com: 19438 vdb-entry
- securityreason.com: 1357 third-party-advisory
- securityfocus.com: 20060809 CivicSpace Version 0.8.5 HTML injection mailing-list
- exchange.xforce.ibmcloud.com: civicspace-subject-comment-xss(28303) vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- securityfocus.com: 19438 vdb-entryx_transferred
- securityreason.com: 1357 third-party-advisoryx_transferred
- securityfocus.com: 20060809 CivicSpace Version 0.8.5 HTML injection mailing-listx_transferred
- exchange.xforce.ibmcloud.com: civicspace-subject-comment-xss(28303) vdb-entryx_transferred