Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2006-2746
Last Modified 07 Mar 2011 09:36:56
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2746

Summary

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

Vulnerable Systems

Application

  • Facile Interactive Web 0.8.41

  • Facile Interactive Web 0.8.5


References

VUPEN - ADV-2006-2036

BID - 18151

BUGTRAQ - 20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities.

MISC - http://www.nukedx.com/?viewdoc=35

MISC - http://www.nukedx.com/?getxpl=35

SECUNIA - 20358

OSVDB - 26105

OSVDB - 26104

SREASON - 1010


Last Updated: 27 May 2016 10:42:44