Vulnerabilities > CVE-2006-2689 - Cross-Site Scripting vulnerability in EVA-Web
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description EVA-Web 2.1.2 index.php Multiple Parameter XSS. CVE-2006-2689. Webapps exploit for php platform id EDB-ID:27922 last seen 2016-02-03 modified 2006-05-30 published 2006-05-30 reporter r0t source https://www.exploit-db.com/download/27922/ title EVA-Web 2.1.2 index.php Multiple Parameter XSS description EVA-Web 2.1.2 rubrique.php3 date Parameter XSS. CVE-2006-2689. Webapps exploit for php platform id EDB-ID:27921 last seen 2016-02-03 modified 2006-05-30 published 2006-05-30 reporter r0t source https://www.exploit-db.com/download/27921/ title EVA-Web 2.1.2 rubrique.php3 date Parameter XSS description EVA-Web 2.1.2 article-album.php3 debut_image Parameter XSS. CVE-2006-2689. Webapps exploit for php platform id EDB-ID:27920 last seen 2016-02-03 modified 2006-05-30 published 2006-05-30 reporter r0t source https://www.exploit-db.com/download/27920/ title EVA-Web 2.1.2 article-album.php3 debut_image Parameter XSS