Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jonathan bravata scarecrow 2.12 |
||
jonathan bravata scarecrow |
||
jonathan bravata scarecrow 2.00_beta |
||
jonathan bravata scarecrow 2.01_beta |
||
jonathan bravata scarecrow 2.10 |
||
jonathan bravata scarecrow 2.11 |