Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Maxwebportal | Maxwebportal | 1.30 (including) | 1.30 (including) |
Maxwebportal | Maxwebportal | 1.31 (including) | 1.31 (including) |