Vulnerabilities > CVE-2006-1290 - Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
milkeyway
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://secunia.com/advisories/19258
- http://securitytracker.com/id?1015778
- http://www.osvdb.org/23932
- http://www.osvdb.org/23933
- http://www.securityfocus.com/archive/1/427890/100/0/threaded
- http://www.securityfocus.com/bid/17127
- http://www.ush.it/team/ascii/hack-milkeway/advisory.txt
- http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
- http://www.vupen.com/english/advisories/2006/0968
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25288