CVE-2006-3358
CVE-2006-3358
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/28132unverifiedexploitdbwww.exploit-db.com/exploits/28133unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/20943http://securityreason.com/securityalert/1188https://exchange.xforce.ibmcloud.com/vulnerabilities/27508http://www.osvdb.org/26976http://www.osvdb.org/26977http://www.securityfocus.com/archive/1/438858/100/0/threadedhttp://www.securityfocus.com/bid/18726http://www.vupen.com/english/advisories/2006/2640