Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0923

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0923
Last Modified 07 Mar 2011 09:31:07
Published 28 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0923

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.

Vulnerable Systems

Application

  • Myphpnuke 1.8.8

  • Myphpnuke 1.8.8 7

  • Myphpnuke 1.8.8 8 Rc2


References

VUPEN - ADV-2006-0750

BUGTRAQ - 20060224 Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities

MISC - http://www.nukedx.com/?viewdoc=12

XF - myphpnuke-reviews-download-xss(24887)

BID - 16815

CONFIRM - http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0

SREASON - 491

SECUNIA - 19052


Last Updated: 27 May 2016 10:41:50