CVE-2006-1407 - Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and ear

CVE-2006-1407

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. These issues are reportedly fixed by the vendor. Version 3.2.10-stable will contain these fixes when it is released. Contact the vendor for further information on obtaining fixes.

References

Vulnerable Configurations

cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:*:*:*:*:*:*:*:*
cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:*:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

bid	17263
misc	http://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html
osvdb	24125 24126
secunia	19375
vim	20060327 Helm Control Panel followup
vupen	ADV-2006-1093
xf	helm-domainsdefault-xss(25470) helm-domainsusersdefaault-xss(30309)

Last major update

20-07-2017 - 01:30

Published

28-03-2006 - 11:06

Last modified

20-07-2017 - 01:30