Vulnerabilities > CVE-2006-1413 - Cross-Site Scripting vulnerability in EZHomePagePro

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
htmljunction
exploit available
NVD
Published: 2006-03-28
Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.

Vulnerable Configurations

Part Description Count
Application
Htmljunction
1

Exploit-Db

  • descriptionEZHomePagePro 1.5 users_mgallery.asp usid Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform
    idEDB-ID:27473
    last seen2016-02-03
    modified2006-03-27
    published2006-03-27
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27473/
    titleEZHomePagePro 1.5 users_mgallery.asp usid Parameter XSS
  • descriptionEZHomePagePro 1.5 users_calendar.asp page Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform
    idEDB-ID:27471
    last seen2016-02-03
    modified2006-03-27
    published2006-03-27
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27471/
    titleEZHomePagePro 1.5 users_calendar.asp page Parameter XSS
  • descriptionEZHomePagePro 1.5 users_search.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform
    idEDB-ID:27470
    last seen2016-02-03
    modified2006-03-27
    published2006-03-27
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27470/
    titleEZHomePagePro 1.5 users_search.asp Multiple Parameter XSS
  • descriptionEZHomePagePro 1.5 users_profiles.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform
    idEDB-ID:27472
    last seen2016-02-03
    modified2006-03-27
    published2006-03-27
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27472/
    titleEZHomePagePro 1.5 users_profiles.asp Multiple Parameter XSS
  • descriptionEZHomePagePro 1.5 email.asp Multiple Parameter XSS. CVE-2006-1413. Webapps exploit for asp platform
    idEDB-ID:27469
    last seen2016-02-03
    modified2006-03-27
    published2006-03-27
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27469/
    titleEZHomePagePro 1.5 email.asp Multiple Parameter XSS

References