Vulnerabilities > CVE-2006-1413 - Unspecified vulnerability in Htmljunction Ezhomepagepro
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN htmljunction
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description EZHomePagePro 1.5 users_mgallery.asp usid Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform id EDB-ID:27473 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27473/ title EZHomePagePro 1.5 users_mgallery.asp usid Parameter XSS description EZHomePagePro 1.5 users_calendar.asp page Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform id EDB-ID:27471 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27471/ title EZHomePagePro 1.5 users_calendar.asp page Parameter XSS description EZHomePagePro 1.5 users_search.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform id EDB-ID:27470 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27470/ title EZHomePagePro 1.5 users_search.asp Multiple Parameter XSS description EZHomePagePro 1.5 users_profiles.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform id EDB-ID:27472 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27472/ title EZHomePagePro 1.5 users_profiles.asp Multiple Parameter XSS description EZHomePagePro 1.5 email.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform id EDB-ID:27469 last seen 2016-02-03 modified 2006-03-27 published 2006-03-27 reporter r0t source https://www.exploit-db.com/download/27469/ title EZHomePagePro 1.5 email.asp Multiple Parameter XSS
References
- http://pridels0.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html
- http://pridels0.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html
- http://secunia.com/advisories/19386
- http://secunia.com/advisories/19386
- http://www.osvdb.org/24132
- http://www.osvdb.org/24132
- http://www.osvdb.org/24133
- http://www.osvdb.org/24133
- http://www.osvdb.org/24134
- http://www.osvdb.org/24134
- http://www.osvdb.org/24135
- http://www.osvdb.org/24135
- http://www.osvdb.org/24136
- http://www.osvdb.org/24136
- http://www.securityfocus.com/bid/17236
- http://www.securityfocus.com/bid/17236
- http://www.vupen.com/english/advisories/2006/1094
- http://www.vupen.com/english/advisories/2006/1094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25468
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25468