Vulnerabilities > CVE-2006-1407 - Cross-Site Scripting vulnerability in Web Host Automation Ltd. Helm
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. These issues are reportedly fixed by the vendor. Version 3.2.10-stable will contain these fixes when it is released. Contact the vendor for further information on obtaining fixes.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Web Host Automation Ltd. Helm 3.2.10 beta domains.asp txtDomainName Parameter XSS. CVE-2006-1407. Webapps exploit for asp platform id EDB-ID:27486 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27486/ title Web Host Automation Ltd. Helm 3.2.10 beta domains.asp txtDomainName Parameter XSS description Web Host Automation Ltd. Helm 3.2.10 beta default.asp Multiple Parameter XSS. CVE-2006-1407. Webapps exploit for asp platform id EDB-ID:27487 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27487/ title Web Host Automation Ltd. Helm 3.2.10 beta default.asp Multiple Parameter XSS
References
- http://attrition.org/pipermail/vim/2006-March/000654.html
- http://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html
- http://secunia.com/advisories/19375
- http://www.osvdb.org/24125
- http://www.osvdb.org/24126
- http://www.securityfocus.com/bid/17263
- http://www.vupen.com/english/advisories/2006/1093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25470
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30309