Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php. Successful exploitation requires that the "register_globals" parameter is enabled.
Publication date: Thu, 30 Mar 2006 07:06:00 +0000