CVE-2006-2140 - Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attack

CVE-2006-2140

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.

References

http://pridels0.blogspot.com/2006/04/orbithyip-xss.html
http://secunia.com/advisories/19877
http://www.osvdb.org/25141
http://www.osvdb.org/25142
http://www.securityfocus.com/bid/17766
http://www.vupen.com/english/advisories/2006/1583
https://exchange.xforce.ibmcloud.com/vulnerabilities/26163

Vulnerable Configurations

cpe:2.3:a:orbitscripts:orbithyip:2.0:*:*:*:*:*:*:*
cpe:2.3:a:orbitscripts:orbithyip:2.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

bid	17766
misc	http://pridels0.blogspot.com/2006/04/orbithyip-xss.html
osvdb	25141 25142
secunia	19877
vupen	ADV-2006-1583
xf	orbithyip-signup-members-xss(26163)

Last major update

20-07-2017 - 01:31

Published

02-05-2006 - 10:02

Last modified

20-07-2017 - 01:31