Vulnerabilities > CVE-2006-2478 - Cross-Site Scripting vulnerability in Bitrix Site Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0443.html
- http://secunia.com/advisories/20143
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121
- http://www.osvdb.org/25625
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26543