|
Description
|
|
Some vulnerabilities have been reported in 2daybiz Network Community Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "id" parameter to scrapbook.php and via the "alb" parameter to view_photo.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This may also be exploited to conduct limited SQL injection attacks.
|
