CVE-2006-1033 - Cross-Site Scripting vulnerability in CPG Dragonfly CMS
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Exploit-Db
id | title | description | published | modified | last seen | reporter | source |
---|---|---|---|---|---|---|---|
EDB-ID:27267 | Dragonfly CMS 9.0.6.1 - Surveys Module Multiple Parameter XSS | Dragonfly CMS 9.0.6 .1 Surveys Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27267/ |
EDB-ID:27265 | Dragonfly CMS 9.0.6.1 - Stories_Archive Module Multiple Parameter XSS | Dragonfly CMS 9.0.6 .1 Stories_Archive Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27265/ |
EDB-ID:27264 | Dragonfly CMS 9.0.6 1 - News Module Multiple Parameter XSS | Dragonfly CMS 9.0.6 .1 News Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27264/ |
EDB-ID:27269 | Dragonfly CMS 9.0.6.1 - Coppermine Module album Parameter XSS | Dragonfly CMS 9.0.6 .1 Coppermine Module album Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27269/ |
EDB-ID:27268 | Dragonfly CMS 9.0.6.1 - Downloads Module c Parameter XSS | Dragonfly CMS 9.0.6 .1 Downloads Module c Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27268/ |
EDB-ID:27266 | Dragonfly CMS 9.0.6.1 - Web_Links Module Multiple Parameter XSS | Dragonfly CMS 9.0.6 .1 Web_Links Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27266/ |
EDB-ID:27263 | Dragonfly CMS 9.0.6 1 - Your_Account Module Multiple Parameter XSS | Dragonfly CMS 9.0.6 .1 Your_Account Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform | 2006-02-22 | 2006-02-22 | 2016-02-03 | Lostmon | https://www.exploit-db.com/download/27263/ |