Vulnerabilities > CVE-2006-2174 - Cross-Site Scripting vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.4.7.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Virtual Hosting Control System 2.4.7 .1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities. CVE-2006-2174. Webapps exploit for php platform |
| id | EDB-ID:27799 |
| last seen | 2016-02-03 |
| modified | 2006-05-02 |
| published | 2006-05-02 |
| reporter | O.U.T.L.A.W |
| source | https://www.exploit-db.com/download/27799/ |
| title | Virtual Hosting Control System 2.4.7.1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities |
References
- http://secunia.com/advisories/19940
- http://securityreason.com/securityalert/832
- http://www.aria-security.net/hm/vhcs.txt
- http://www.securityfocus.com/archive/1/432711
- http://www.securityfocus.com/bid/17790
- http://www.vupen.com/english/advisories/2006/1634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26209