CVE-2006-1033 - Cross-Site Scripting vulnerability in CPG Dragonfly CMS

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
cpg-nuke
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.

Exploit-Db

  • description: Dragonfly CMS 9.0.6 .1 Surveys Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27267
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27267/
    title: Dragonfly CMS 9.0.6.1 - Surveys Module Multiple Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 Stories_Archive Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27265
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27265/
    title: Dragonfly CMS 9.0.6.1 - Stories_Archive Module Multiple Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 News Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27264
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27264/
    title: Dragonfly CMS 9.0.6 1 - News Module Multiple Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 Coppermine Module album Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27269
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27269/
    title: Dragonfly CMS 9.0.6.1 - Coppermine Module album Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 Downloads Module c Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27268
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27268/
    title: Dragonfly CMS 9.0.6.1 - Downloads Module c Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 Web_Links Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27266
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27266/
    title: Dragonfly CMS 9.0.6.1 - Web_Links Module Multiple Parameter XSS
  • description: Dragonfly CMS 9.0.6 .1 Your_Account Module Multiple Parameter XSS. CVE-2006-1033. Webapps exploit for php platform
    id: EDB-ID:27263
    last seen: 2016-02-03
    modified: 2006-02-22
    published: 2006-02-22
    reporter: Lostmon
    source: https://www.exploit-db.com/download/27263/
    title: Dragonfly CMS 9.0.6 1 - Your_Account Module Multiple Parameter XSS