CVE-2006-1082 - Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote

CVE-2006-1082

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.

References

Vulnerable Configurations

cpe:2.3:a:phparcadescript:phparcadescript:2.0:*:*:*:*:*:*:*
cpe:2.3:a:phparcadescript:phparcadescript:2.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16957
bugtraq	20060304 phpArcadeScript XSS Injections
secunia	19124
sreason	533
vupen	ADV-2006-0821

Last major update

18-10-2018 - 16:30

Published

09-03-2006 - 00:02

Last modified

18-10-2018 - 16:30