CVE-2006-1290 - Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow

CVE-2006-1290

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.

References

Vulnerable Configurations

cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1:*:*:*:*:*:*:*
cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1:*:*:*:*:*:*:*
cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	17127
bugtraq	20060316 Milkeyway Multiple Vulnerabilities
misc	http://www.ush.it/team/ascii/hack-milkeway/advisory.txt http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
osvdb	23932 23933
sectrack	1015778
secunia	19258
vupen	ADV-2006-0968
xf	milkeyway-multiple-xss(25288)

Last major update

18-10-2018 - 16:31

Published

19-03-2006 - 23:02

Last modified

18-10-2018 - 16:31