CVE-2006-1033
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.
Affected products
n/a · n/a
Public PoCs found: 7
exploitdb www.exploit-db.com/exploits/27264 (unverified)
exploitdb www.exploit-db.com/exploits/27263 (unverified)
exploitdb www.exploit-db.com/exploits/27269 (unverified)
exploitdb www.exploit-db.com/exploits/27268 (unverified)
exploitdb www.exploit-db.com/exploits/27265 (unverified)
exploitdb www.exploit-db.com/exploits/27267 (unverified)
exploitdb www.exploit-db.com/exploits/27266 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html
http://secunia.com/advisories/18940
http://securitytracker.com/id?1015661
https://exchange.xforce.ibmcloud.com/vulnerabilities/24843
http://www.securityfocus.com/bid/16784
http://www.vupen.com/english/advisories/2006/0688