Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote malicious users to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
userland manila |