Vulnerabilities > CVE-2006-1850 - Input Validation vulnerability in xFlow

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

skymarx-solutions

exploit available

NVD

Published: 2006-04-19

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.

Vulnerable Configurations

Part	Description	Count
Application	Skymarx_Solutions Skymarx Solutions Xflow *	1

Exploit-Db

description	xFlow 5.46.11 index.cgi Multiple Parameter XSS. CVE-2006-1850. Webapps exploit for cgi platform
id	EDB-ID:27691
last seen	2016-02-03
modified	2006-04-19
published	2006-04-19
reporter	r0t
source	https://www.exploit-db.com/download/27691/
title	xFlow 5.46.11 index.cgi Multiple Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References