Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sms_text_messaging_enterprise | Alstrasoft | * | * |