From: predej deja
To: cert@cert.org, osvdb, secunia, securityfocus
Date: Tue, 28 Mar 2006 18:23:05 +0200
Subject: [OSVDB Mods] PHP Classifieds 6.18 - Cross Site Scripting

PHP Classifieds 6.18 - Cross Site Scripting

Vendor URL: http://deltascripts.com

Description:
Input passed to the 'searchword' parameter in search.php is not correctly validated, which allows attackers to inject dangerous HTML code.

PoC:
http://demo.deltascripts.com/classifieds/search.php?searchword= ">&catid_search=17&e_1_from=&e_1_to=&e_2=&do_search=Search

Preddy
RootShell Security Group
www.rootshell-security.net
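
The advisory above does not show search.php itself. As an added example (not code from the advisory or from DeltaScripts), this PHP code assumes the search term is echoed back into a form field's value attribute, which is what the `">` in the PoC suggests, and shows that pattern beside an output-encoded version. The function names and the sample input are hypothetical.

```php
<?php
// Added illustration; not DeltaScripts code. All function names are hypothetical.

// Vulnerable pattern: the request value is copied into an attribute unencoded,
// so a double quote in searchword ends the attribute and what follows is markup.
function render_search_box_unsafe(array $query): string
{
    $term = $query['searchword'] ?? '';
    return '<input type="text" name="searchword" value="' . $term . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_search_box_safe(array $query): string
{
    $term = $query['searchword'] ?? '';
    if (!is_string($term)) {
        // searchword[]=x arrives as an array; treat it as an empty search.
        $term = '';
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="searchword" value="' . $encoded . '">';
}

// Regression check: true when the value stays inside the attribute, i.e. no
// raw quote or angle bracket sits between value=" and the closing ">.
function value_stays_in_attribute(string $html): bool
{
    $prefix = '<input type="text" name="searchword" value="';
    $inner  = substr($html, strlen($prefix), -strlen('">'));
    return strpbrk($inner, '"<>') === false;
}

// Constructed sample: a harmless marker that closes the attribute and tag.
$sample = ['searchword' => 'bike "><b>marker</b>'];

foreach (['unsafe' => 'render_search_box_unsafe',
          'safe'   => 'render_search_box_safe'] as $label => $render) {
    $html = $render($sample);
    printf("%-6s %s\n       contained in attribute: %s\n",
        $label, $html, value_stays_in_attribute($html) ? 'yes' : 'no');
}
```

The same check can run in a test suite against every template that reflects a request parameter, so a missed encoding call shows up as a failing test.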