1. CVE-Search
  2. CVE-2006-0593
ID CVE-2006-0593
Summary Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.
References
Vulnerable Configurations
  • cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.101:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.101:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.102:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.102:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.103:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.103:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.104:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.104:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.105:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.105:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.106:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.106:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.107:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.107:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.108:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.108:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.109:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.109:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.110:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.110:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.200:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.200:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.204:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.204:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.205:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.205:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.206:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.206:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.207:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.207:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.300:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.300:*:*:*:*:*:*:*
  • cpe:2.3:a:php_fusion:php_fusion:6.00.303:*:*:*:*:*:*:*
    cpe:2.3:a:php_fusion:php_fusion:6.00.303:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 16548
confirm
osvdb
  • 22980
  • 22981
secunia 18949
vupen ADV-2006-0463
xf phpfusion-multiple-xss(24548)
Last major update 20-07-2017 - 01:29
Published 08-02-2006 - 01:02
Last modified 20-07-2017 - 01:29
Back to Top