Vulnerabilities > CVE-2006-3259 - Cross-Site Scripting vulnerability in e107
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
Vulnerable Configurations
Exploit-Db
description e107 0.7.5 Search.PHP Cross-Site Scripting Vulnerability. CVE-2006-3259. Webapps exploit for php platform id EDB-ID:28063 last seen 2016-02-03 modified 2006-06-19 published 2006-06-19 reporter securityconnection source https://www.exploit-db.com/download/28063/ title e107 0.7.5 - Search.PHP Cross-Site Scripting Vulnerability description e107 0.7.5 Subject field HTML injection Vulnerability. CVE-2006-3259. Webapps exploit for php platform id EDB-ID:28078 last seen 2016-02-03 modified 2006-06-21 published 2006-06-21 reporter EllipSiS Security source https://www.exploit-db.com/download/28078/ title e107 0.7.5 Subject field HTML Injection Vulnerability
References
- http://secunia.com/advisories/20727
- http://securityreason.com/securityalert/1151
- http://www.securityfocus.com/archive/1/437649/100/0/threaded
- http://www.securityfocus.com/bid/18508
- http://www.securityfocus.com/bid/18560
- http://www.vupen.com/english/advisories/2006/2460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27242