Vulnerabilities > CVE-2006-2564 - HTML Injection vulnerability in Alstrasoft E-Friends 4.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
alstrasoft
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |