Vulnerabilities > CVE-2006-5090 - Cross-Site Scripting vulnerability in Phoenix Evolution CMS

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
phoenix-evolution
exploit available
NVD
Published: 2006-09-29
Updated: 2008-11-15

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Phoenix_Evolution
1

Exploit-Db

  • descriptionPhoenix Evolution CMS index.php Multiple Parameter XSS. CVE-2006-5090. Webapps exploit for php platform
    idEDB-ID:28692
    last seen2016-02-03
    modified2006-09-26
    published2006-09-26
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28692/
    titlePhoenix Evolution CMS index.php Multiple Parameter XSS
  • descriptionPhoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS. CVE-2006-5090. Webapps exploit for php platform
    idEDB-ID:28693
    last seen2016-02-03
    modified2006-09-26
    published2006-09-26
    reporterRoot3r_H3ll
    sourcehttps://www.exploit-db.com/download/28693/
    titlePhoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS

References