CVE-2006-1413

EPSS 4.7%

Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.

Affected products

n/a · n/a

public PoCs found — 5

exploitdbwww.exploit-db.com/exploits/27469unverified exploitdbwww.exploit-db.com/exploits/27471unverified exploitdbwww.exploit-db.com/exploits/27473unverified exploitdbwww.exploit-db.com/exploits/27472unverified exploitdbwww.exploit-db.com/exploits/27470unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html http://secunia.com/advisories/19386 https://exchange.xforce.ibmcloud.com/vulnerabilities/25468 http://www.osvdb.org/24132 http://www.osvdb.org/24133 http://www.osvdb.org/24134 http://www.osvdb.org/24135 http://www.osvdb.org/24136 http://www.securityfocus.com/bid/17236 http://www.vupen.com/english/advisories/2006/1094