Vulnerabilities > CVE-2006-1965 - Cross-Site Scripting vulnerability in Aasi Media NET Clubs PRO 4.0

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
aasi-media
exploit available
NVD
Published: 2006-04-21
Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.

Vulnerable Configurations

Part Description Count
Application
Aasi_Media
1

Exploit-Db

  • descriptionNet Clubs Pro 4.0 sendim.cgi Multiple Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform
    idEDB-ID:27695
    last seen2016-02-03
    modified2006-04-20
    published2006-04-20
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27695/
    titleNet Clubs Pro 4.0 sendim.cgi Multiple Parameter XSS
  • descriptionNet Clubs Pro 4.0 login.cgi password Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform
    idEDB-ID:27697
    last seen2016-02-03
    modified2006-04-20
    published2006-04-20
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27697/
    titleNet Clubs Pro 4.0 login.cgi password Parameter XSS
  • descriptionNet Clubs Pro 4.0 imessage.cgi username Parameter XSS. CVE-2006-1965. Webapps exploit for cgi platform
    idEDB-ID:27696
    last seen2016-02-03
    modified2006-04-20
    published2006-04-20
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27696/
    titleNet Clubs Pro 4.0 imessage.cgi username Parameter XSS

References