Vulnerabilities > CVE-2006-1008 - Input Validation vulnerability in Nathan Landry N8Cms Sitesuite CMS 1.1/1.12/1.2

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
nathan-landry
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection. This vulnerability may affect all versions of Nathan Landry, n8cms.

Exploit-Db

  • descriptionn8cms 1.1/1.2 index.php Multiple Parameter XSS. CVE-2006-1008. Webapps exploit for php platform
    idEDB-ID:27331
    last seen2016-02-03
    modified2006-02-27
    published2006-02-27
    reporterLiz0ziM
    sourcehttps://www.exploit-db.com/download/27331/
    titlen8cms 1.1/1.2 index.php Multiple Parameter XSS
  • descriptionn8cms 1.1/1.2 mailto.php userid Parameter XSS. CVE-2006-1008. Webapps exploit for php platform
    idEDB-ID:27332
    last seen2016-02-03
    modified2006-02-27
    published2006-02-27
    reporterLiz0ziM
    sourcehttps://www.exploit-db.com/download/27332/
    titlen8cms 1.1/1.2 mailto.php userid Parameter XSS