Vulnerabilities > CVE-2006-1965 - Cross-Site Scripting vulnerability in Aasi Media NET Clubs PRO 4.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Net Clubs Pro 4.0 sendim.cgi Multiple Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform id EDB-ID:27695 last seen 2016-02-03 modified 2006-04-20 published 2006-04-20 reporter r0t source https://www.exploit-db.com/download/27695/ title Net Clubs Pro 4.0 sendim.cgi Multiple Parameter XSS description Net Clubs Pro 4.0 login.cgi password Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform id EDB-ID:27697 last seen 2016-02-03 modified 2006-04-20 published 2006-04-20 reporter r0t source https://www.exploit-db.com/download/27697/ title Net Clubs Pro 4.0 login.cgi password Parameter XSS description Net Clubs Pro 4.0 imessage.cgi username Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform id EDB-ID:27696 last seen 2016-02-03 modified 2006-04-20 published 2006-04-20 reporter r0t source https://www.exploit-db.com/download/27696/ title Net Clubs Pro 4.0 imessage.cgi username Parameter XSS
References
- http://pridels0.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html
- http://secunia.com/advisories/19651
- http://www.osvdb.org/24754
- http://www.osvdb.org/24755
- http://www.osvdb.org/24756
- http://www.osvdb.org/24757
- http://www.securityfocus.com/bid/17622
- http://www.vupen.com/english/advisories/2006/1436
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25957