Vulnerabilities > CVE-2006-2478 - Unspecified vulnerability in Bitrix Site Manager
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html
- http://secunia.com/advisories/20143
- http://secunia.com/advisories/20143
- http://securityreason.com/securityalert/918
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121
- http://securitytracker.com/id?1016121
- http://www.osvdb.org/25625
- http://www.osvdb.org/25625
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26543