← back
CVE-2006-1230

CVE-2006-1230

EPSS 2.5%
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/27414unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/19216http://securitytracker.com/id?1016183https://exchange.xforce.ibmcloud.com/vulnerabilities/25181http://www.osvdb.org/23838http://www.securityfocus.com/archive/1/427408/100/0/threadedhttp://www.securityfocus.com/archive/1/435310/100/0/threadedhttp://www.securityfocus.com/archive/1/461922/100/0/threadedhttp://www.securityfocus.com/bid/17073http://www.securityfocus.com/bid/22819http://www.vupen.com/english/advisories/2006/0945