Vulnerabilities > CVE-2006-2746 - Cross-Site Scripting vulnerability in Facile Interactive web Facile Interactive web 0.8.41

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
facile-interactive-web
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

Exploit-Db

descriptionF@cile Interactive Web <= 0.8x Remote (Include / XSS) Vulnerabilities. CVE-2006-2744,CVE-2006-2745,CVE-2006-2746. Webapps exploit for php platform
idEDB-ID:1841
last seen2016-01-31
modified2006-05-28
published2006-05-28
reporternukedx
sourcehttps://www.exploit-db.com/download/1841/
titleF@cile Interactive Web <= 0.8x Remote Include / XSS Vulnerabilities