Vulnerabilities > CVE-2006-4917 - Cross-Site Scripting vulnerability in PT News PT News 1.7.8

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

pt-news

exploit available

NVD

Published: 2006-09-21

Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.

Vulnerable Configurations

Part	Description	Count
Application	Pt_News PT News PT News 1.7.8	1

Exploit-Db

description	PT News 1.7.8 Search.PHP Cross-Site Scripting Vulnerability. CVE-2006-4917. Webapps exploit for php platform
id	EDB-ID:28601
last seen	2016-02-03
modified	2006-09-18
published	2006-09-18
reporter	Snake
source	https://www.exploit-db.com/download/28601/
title	PT News 1.7.8 - Search.PHP Cross-Site Scripting Vulnerability

References

http://secunia.com/advisories/22028
http://securityreason.com/securityalert/1612
http://www.securityfocus.com/archive/1/446417/100/0/threaded
http://www.securityfocus.com/bid/20090
http://www.vupen.com/english/advisories/2006/3713
https://exchange.xforce.ibmcloud.com/vulnerabilities/29043