Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2951

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-2951
Last Modified 13 Sep 2011 12:00:00
Published 12 Jun 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2951

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.

Vulnerable Systems

Application

  • Npds 4.8

  • Npds 5.0

  • Npds 5.10


References

XF - npds-multiple-scripts-xss(27123)

VUPEN - ADV-2006-2233

BID - 18383

BUGTRAQ - 20060608 NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

OSVDB - 26296

OSVDB - 26295

OSVDB - 26294

OSVDB - 26293

OSVDB - 26292

MISC - http://www.acid-root.new.fr/advisories/npds510.txt

SREASON - 1076

SECUNIA - 20523


Last Updated: 27 May 2016 10:42:50