Vulnerabilities > CVE-2006-3956 - Cross-Site Scripting vulnerability in Total Online Solutions Advanced Webhost Billing System 2.2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
total-online-solutions
Summary
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/21296
- http://securityreason.com/securityalert/1317
- http://www.osvdb.org/27629
- http://www.securityfocus.com/archive/1/441532/100/0/threaded
- http://www.securityfocus.com/bid/19226
- http://www.vupen.com/english/advisories/2006/3061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28069