CVE-2006-4794 - Cross-Site Scripting vulnerability in E107 0.7.5

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, e107, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part         Description  Count
Application  E107         1

Exploit-Db

  • description: e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28554
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28554/
    title: e107 website system 0.7.5 submitnews.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 search.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28551
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28551/
    title: e107 website system 0.7.5 - search.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28546
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28546/
    title: e107 website system 0.7.5 download.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28549
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28549/
    title: e107 website system 0.7.5 news.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28548
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28548/
    title: e107 website system 0.7.5 fpw.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28547
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28547/
    title: e107 website system 0.7.5 admin.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28556
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28556/
    title: e107 website system 0.7.5 user.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28552
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28552/
    title: e107 website system 0.7.5 signup.php Query String PATH_INFO Parameter XSS
  • description: e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS. CVE-2006-4794. Webapps exploit for php platform
    id: EDB-ID:28545
    last seen: 2016-02-03
    modified: 2006-09-13
    published: 2006-09-13
    reporter: zark0vac
    source: https://www.exploit-db.com/download/28545/
    title: e107 website system 0.7.5 contact.php Query String PATH_INFO Parameter XSS