CVE-2006-5066 - Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before

CVE-2006-5066

Summary

Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.

References

http://securityreason.com/securityalert/1648
http://www.securityfocus.com/archive/1/447002/100/0/threaded
http://www.securityfocus.com/archive/1/448693/100/0/threaded
http://www.securityfocus.com/bid/20203
https://exchange.xforce.ibmcloud.com/vulnerabilities/29175

Vulnerable Configurations

cpe:2.3:a:danphpsupport:danphpsupport:0.5:*:*:*:*:*:*:*
cpe:2.3:a:danphpsupport:danphpsupport:0.5:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	20203
bugtraq	20060925 DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities 20061014 Re: DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities
sreason	1648
xf	danphpsupport-admin-index-xss(29175)

Last major update

17-10-2018 - 21:40

Published

28-09-2006 - 00:07

Last modified

17-10-2018 - 21:40