Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.
secunia.com/advisories/20149
securityreason.com/securityalert/725
securityreason.com/securityalert/927
www.osvdb.org/25617
www.osvdb.org/25618
www.securityfocus.com/archive/1/434294/100/0/threaded
www.securityfocus.com/bid/18012
www.vupen.com/english/advisories/2006/1853
exchange.xforce.ibmcloud.com/vulnerabilities/26518
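
The pattern the description refers to, shown beside two encoded forms, as an added PHP example; it is not BoastMachine source code. The function names and the sample `PHP_SELF` value are assumptions constructed for illustration.

```php
<?php
// Added illustration, not BoastMachine code. All function names are hypothetical.

// Unsafe: PHP_SELF is derived from the request URL, so writing it into
// markup without output encoding lets request-supplied HTML reach the page.
function form_open_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for an HTML attribute context before output.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function form_open_encoded(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME holds only the path of the executing script.
// It is still encoded, so the output stays safe if the source changes later.
function form_open_script_name(array $server): string
{
    $script = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $script . '">';
}

// Constructed sample standing in for $_SERVER on a request whose URL
// carries markup. The <b> tag is a harmless marker, not a real payload.
$server = [
    'PHP_SELF'    => '/index.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/index.php',
];

$variants = ['form_open_unsafe', 'form_open_encoded', 'form_open_script_name'];
foreach ($variants as $fn) {
    $html = $fn($server);
    // A raw <b> in the output means request data was emitted as markup.
    $status = (strpos($html, '<b>') !== false) ? 'markup injected' : 'safe';
    printf("%-22s %-16s %s\n", $fn, $status, $html);
}
```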