CVE-2006-1568 - Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attac

CVE-2006-1568

Summary

Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters. Successful exploitation requires that "magic_quotes_gpc" is disabled.

References

Vulnerable Configurations

cpe:2.3:a:redcms:redcms:0.1:*:*:*:*:*:*:*
cpe:2.3:a:redcms:redcms:0.1:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	17336
bugtraq	20060413 [eVuln] RedCMS Multiple XSS and SQL Injection Vulnerabilities
misc	http://evuln.com/vulns/115/summary.html
osvdb	24296
secunia	19475
sreason	708
vupen	ADV-2006-1186
xf	redcms-register-xss(25577)

Last major update

18-10-2018 - 16:33

Published

01-04-2006 - 00:04

Last modified

18-10-2018 - 16:33