CVE-2006-3769 - Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers

CVE-2006-3769

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php. Successful exploitation requires that register_globals is enabled.

References

Vulnerable Configurations

cpe:2.3:a:top_xl:top_xl:1.0:*:*:*:*:*:*:*
cpe:2.3:a:top_xl:top_xl:1.0:*:*:*:*:*:*:*
cpe:2.3:a:top_xl:top_xl:*:*:*:*:*:*:*:*
cpe:2.3:a:top_xl:top_xl:*:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	19098
bugtraq	20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure 20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure
misc	http://www.majorsecurity.de/advisory/major_rls22.txt
osvdb	27413 27414
sectrack	1016548
secunia	21145
sreason	1267
vupen	ADV-2006-2914
xf	topxl-add-index-xss(27880)

Last major update

17-10-2018 - 21:30

Published

24-07-2006 - 12:19

Last modified

17-10-2018 - 21:30