Vulnerabilities > CVE-2006-1196 - Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4/1.5/1.5.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
david-barrett
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php.

Vulnerable Configurations

Part Description Count
Application
David_Barrett
3

Exploit-Db

  • descriptionQwikiWiki 1.4/1.5 pageindex.php help Parameter XSS. CVE-2006-1196. Webapps exploit for php platform
    idEDB-ID:27411
    last seen2016-02-03
    modified2006-03-10
    published2006-03-10
    reporterKiki
    sourcehttps://www.exploit-db.com/download/27411/
    titleQwikiWiki 1.4/1.5 pageindex.php help Parameter XSS
  • descriptionQwikiWiki 1.4/1.5 recentchanges.php help Parameter XSS. CVE-2006-1196. Webapps exploit for php platform
    idEDB-ID:27412
    last seen2016-02-03
    modified2006-03-10
    published2006-03-10
    reporterKiki
    sourcehttps://www.exploit-db.com/download/27412/
    titleQwikiWiki 1.4/1.5 recentchanges.php help Parameter XSS
  • descriptionQwikiWiki 1.4/1.5 login.php Multiple Parameter XSS. CVE-2006-1196. Webapps exploit for php platform
    idEDB-ID:27410
    last seen2016-02-03
    modified2006-03-10
    published2006-03-10
    reporterKiki
    sourcehttps://www.exploit-db.com/download/27410/
    titleQwikiWiki 1.4/1.5 login.php Multiple Parameter XSS
  • descriptionQwikiWiki 1.4/1.5 index.php Multiple Parameter XSS. CVE-2006-1196. Webapps exploit for php platform
    idEDB-ID:27409
    last seen2016-02-03
    modified2006-03-10
    published2006-03-10
    reporterKiki
    sourcehttps://www.exploit-db.com/download/27409/
    titleQwikiWiki 1.4/1.5 index.php Multiple Parameter XSS