Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter. Successful exploitation requires that "register_globals" is enanbled.
Publication date: Fri, 16 Jun 2006 15:02:00 +0000