Vulnerabilities > CVE-2006-1642 - Unspecified vulnerability in Interact
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
References
- http://secunia.com/advisories/19488
- http://secunia.com/advisories/19488
- http://www.osvdb.org/24389
- http://www.osvdb.org/24389
- http://www.osvdb.org/24461
- http://www.osvdb.org/24461
- http://www.vupen.com/english/advisories/2006/1244
- http://www.vupen.com/english/advisories/2006/1244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25652