Vulnerabilities > CVE-2006-4894 - Cross-Site Scripting vulnerability in Idevspot Nixieaffiliate 1.9

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
idevspot
exploit available
NVD
Published: 2006-09-19
Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

Vulnerable Configurations

Part Description Count
Application
Idevspot
1

Exploit-Db

descriptionNixieAffiliate 1.9 Lostpassword.PHP Cross-Site Scripting Vulnerability. CVE-2006-4894. Webapps exploit for php platform
idEDB-ID:28599
last seen2016-02-03
modified2006-09-18
published2006-09-18
reporters3rv3r_hack3r
sourcehttps://www.exploit-db.com/download/28599/
titleNixieAffiliate 1.9 Lostpassword.PHP Cross-Site Scripting Vulnerability

References