← volver
CVE-2006-5626

CVE-2006-5626

EPSS 1.9%
Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/28882no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://secunia.com/advisories/22629http://securityreason.com/securityalert/1802http://www.securityfocus.com/archive/1/449894/100/0/threadedhttp://www.securityfocus.com/bid/20821http://www.vigilon.com/advisories/vg-phpfaber-24-10-2006.txthttp://www.vigilon.com/resources/102506c.htmlhttp://www.vupen.com/english/advisories/2006/4260