Vulnerabilities > CVE-2006-1082 - Cross-Site Scripting vulnerability in PHParcadescript 2.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
phparcadescript
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.

Vulnerable Configurations

Part Description Count
Application
Phparcadescript
1

Exploit-Db

  • descriptionphpArcadeScript 2.0 browse.php Multiple Parameter XSS. CVE-2006-1082. Webapps exploit for php platform
    idEDB-ID:27352
    last seen2016-02-03
    modified2006-03-04
    published2006-03-04
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27352/
    titlephpArcadeScript 2.0 browse.php Multiple Parameter XSS
  • descriptionphpArcadeScript 2.0 index.php submissionstatus Parameter XSS. CVE-2006-1082. Webapps exploit for php platform
    idEDB-ID:27351
    last seen2016-02-03
    modified2006-03-04
    published2006-03-04
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27351/
    titlephpArcadeScript 2.0 index.php submissionstatus Parameter XSS
  • descriptionphpArcadeScript 2.0 loginbox.php login_status Parameter XSS. CVE-2006-1082. Webapps exploit for php platform
    idEDB-ID:27350
    last seen2016-02-03
    modified2006-03-04
    published2006-03-04
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27350/
    titlephpArcadeScript 2.0 loginbox.php login_status Parameter XSS
  • descriptionphpArcadeScript 2.0 displaygame.php gamefile Parameter XSS. CVE-2006-1082. Webapps exploit for php platform
    idEDB-ID:27353
    last seen2016-02-03
    modified2006-03-04
    published2006-03-04
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27353/
    titlephpArcadeScript 2.0 displaygame.php gamefile Parameter XSS
  • descriptionphpArcadeScript 2.0 tellafriend.php gamename Parameter XSS. CVE-2006-1082. Webapps exploit for php platform
    idEDB-ID:27349
    last seen2016-02-03
    modified2006-03-04
    published2006-03-04
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27349/
    titlephpArcadeScript 2.0 tellafriend.php gamename Parameter XSS