ID CVE-2006-3533
Summary Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.
References
Vulnerable Configurations
  • cpe:2.3:a:pivot:pivot:1.30_rc2:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 18881
bugtraq 20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution
misc http://retrogod.altervista.org/pivot_130RC2_xpl.html
osvdb
  • 27127
  • 27128
  • 27129
secunia 20962
sreason 1214
vupen ADV-2006-2744
xf pivot-multiple-scripts-xss(27672)
Last major update 18-10-2018 - 16:47
Published 12-07-2006 - 21:05
Last modified 18-10-2018 - 16:47