CVE-2006-5770

EPSS 2.7%

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

Affected products

n/a · n/a

public PoCs found — 6

exploitdbwww.exploit-db.com/exploits/28905unverified exploitdbwww.exploit-db.com/exploits/28900unverified exploitdbwww.exploit-db.com/exploits/28901unverified exploitdbwww.exploit-db.com/exploits/28902unverified exploitdbwww.exploit-db.com/exploits/28903unverified exploitdbwww.exploit-db.com/exploits/28904unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30007 http://www.osvdb.org/32046 http://www.osvdb.org/32047 http://www.osvdb.org/32048 http://www.osvdb.org/32049 http://www.osvdb.org/32050 http://www.osvdb.org/32051 http://www.securityfocus.com/archive/1/450496/100/0/threaded http://www.securityfocus.com/bid/20895