Vulnerabilities > CVE-2006-4543 - Cross-Site Scripting vulnerability in Hlstats 1.34

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
hlstats
exploit available

Summary

Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.

Vulnerable Configurations

Part Description Count
Application
Hlstats
1

Exploit-Db

descriptionHLstats 1.34 Index.PHP Multiple Cross Site Scripting Vulnerabilities. CVE-2006-4543. Webapps exploit for php platform
idEDB-ID:28446
last seen2016-02-03
modified2006-08-30
published2006-08-30
reporterMC.Iglo
sourcehttps://www.exploit-db.com/download/28446/
titleHLstats 1.34 Index.PHP Multiple Cross-Site Scripting Vulnerabilities