Vulnerabilities > CVE-2006-2140 - Cross-Site Scripting vulnerability in Orbitscripts Orbithyip 2.0

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
orbitscripts
exploit available
NVD
Published: 2006-05-02
Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.

Vulnerable Configurations

Part Description Count
Application
Orbitscripts
1

Exploit-Db

  • descriptionOrbitHYIP 2.0 members.php id Parameter XSS. CVE-2006-2140. Webapps exploit for php platform
    idEDB-ID:27789
    last seen2016-02-03
    modified2006-05-01
    published2006-05-01
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27789/
    titleOrbitHYIP 2.0 members.php id Parameter XSS
  • descriptionOrbitHYIP 2.0 signup.php referral Parameter XSS. CVE-2006-2140 . Webapps exploit for php platform
    idEDB-ID:27788
    last seen2016-02-03
    modified2006-05-01
    published2006-05-01
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27788/
    titleOrbitHYIP 2.0 signup.php referral Parameter XSS

References