CVE-2006-2746 - Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allo

CVE-2006-2746

Summary

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

References

Vulnerable Configurations

cpe:2.3:a:facile_interactive_web:facile_interactive_web:*:*:*:*:*:*:*:*
cpe:2.3:a:facile_interactive_web:facile_interactive_web:*:*:*:*:*:*:*:*
cpe:2.3:a:facile_interactive_web:facile_interactive_web:0.8.41:*:*:*:*:*:*:*
cpe:2.3:a:facile_interactive_web:facile_interactive_web:0.8.41:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	18151
bugtraq	20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.
misc	http://www.nukedx.com/?getxpl=35 http://www.nukedx.com/?viewdoc=35
osvdb	26104 26105
secunia	20358
sreason	1010
vupen	ADV-2006-2036

Last major update

18-10-2018 - 16:41

Published

01-06-2006 - 10:02

Last modified

18-10-2018 - 16:41