Vulnerabilities > CVE-2006-5090 - Cross-Site Scripting vulnerability in Phoenix Evolution CMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Phoenix Evolution CMS index.php Multiple Parameter XSS. CVE-2006-5090. Webapps exploit for php platform id EDB-ID:28692 last seen 2016-02-03 modified 2006-09-26 published 2006-09-26 reporter Root3r_H3ll source https://www.exploit-db.com/download/28692/ title Phoenix Evolution CMS index.php Multiple Parameter XSS description Phoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS. CVE-2006-5090. Webapps exploit for php platform id EDB-ID:28693 last seen 2016-02-03 modified 2006-09-26 published 2006-09-26 reporter Root3r_H3ll source https://www.exploit-db.com/download/28693/ title Phoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS