Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1290

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1290
Last Modified 07 Mar 2011 09:32:43
Published 19 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1290

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.

Vulnerable Systems

Application

  • Milkeyway Captive Portal 0.1

  • Milkeyway Captive Portal 0.1.1


References

VUPEN - ADV-2006-0968

MISC - http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt

BID - 17127

BUGTRAQ - 20060316 Milkeyway Multiple Vulnerabilities

XF - milkeyway-multiple-xss(25288)

MISC - http://www.ush.it/team/ascii/hack-milkeway/advisory.txt

OSVDB - 23933

OSVDB - 23932

SECTRACK - 1015778

SECUNIA - 19258


Last Updated: 27 May 2016 10:42:00