Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1965

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-1965
Last Modified 07 Mar 2011 09:34:42
Published 21 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1965

Summary

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.

Vulnerable Systems

Application

  • Aasi Media Net Clubs Pro 4.0


References

VUPEN - ADV-2006-1436

XF - netclubspro-multiple-xss(25957)

BID - 17622

OSVDB - 24757

OSVDB - 24756

OSVDB - 24755

OSVDB - 24754

SECUNIA - 19651

MISC - http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html


Last Updated: 27 May 2016 10:42:16