CVE-2006-1196

EPSS 2.5%

Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/27409unverified exploitdbwww.exploit-db.com/exploits/27410unverified exploitdbwww.exploit-db.com/exploits/27411unverified exploitdbwww.exploit-db.com/exploits/27412unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://kiki91.altervista.org/exploit/qwikiwiki_1.0.5_xss.txt http://secunia.com/advisories/19182 https://exchange.xforce.ibmcloud.com/vulnerabilities/25128 http://www.osvdb.org/23786 http://www.osvdb.org/23787 http://www.osvdb.org/23788 http://www.osvdb.org/23789 http://www.securityfocus.com/bid/17064 http://www.vupen.com/english/advisories/2006/0910