Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1407

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-1407
Last Modified 07 Mar 2011 09:33:02
Published 28 Mar 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1407

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

Vulnerable Systems

Application

  • Webhost Automation Helm Web Hosting Control Panel 3.2.10


References

VUPEN - ADV-2006-1093

BID - 17263

SECUNIA - 19375

XF - helm-domainsusersdefaault-xss(30309)

XF - helm-domainsdefault-xss(25470)

OSVDB - 24126

OSVDB - 24125

MISC - http://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html

VIM - 20060327 Helm Control Panel followup


Last Updated: 27 May 2016 10:42:02