Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2006-3533
Last Modified: 07 Mar 2011 09:38:51
Published: 12 Jul 2006 05:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-3533

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.

Vulnerable Systems

Application

  • Pivot 1.30 RC2


References

VUPEN - ADV-2006-2744

BID - 18881

BUGTRAQ - 20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution

SECUNIA - 20962

MISC - http://retrogod.altervista.org/pivot_130RC2_xpl.html

XF - pivot-multiple-scripts-xss(27672)

OSVDB - 27129

OSVDB - 27128

OSVDB - 27127

SREASON - 1214


Last Updated: 27 May 2016 10:43:02