1. CVE-Search
  2. CVE-2006-0923
ID CVE-2006-0923
Summary Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
References
Vulnerable Configurations
  • cpe:2.3:a:myphpnuke:myphpnuke:*:*:*:*:*:*:*:*
    cpe:2.3:a:myphpnuke:myphpnuke:*:*:*:*:*:*:*:*
  • cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*
    cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*
  • cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8_rc2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 16815
bugtraq 20060224 Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities
confirm http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0
misc http://www.nukedx.com/?viewdoc=12
secunia 19052
sreason 491
vupen ADV-2006-0750
xf myphpnuke-reviews-download-xss(24887)
Last major update 18-10-2018 - 16:29
Published 28-02-2006 - 11:02
Last modified 18-10-2018 - 16:29
Back to Top