Vulnerabilities > CVE-2006-5626 - Cross-Site Scripting vulnerability in phpFaber CMS

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
phpfaber
exploit available

Summary

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number. This vulnerability is addressed in the following product update: phpFaber, phpFaber Content Management System, 1.3.36 20061026

Vulnerable Configurations

Part Description Count
Application
Phpfaber
1

Exploit-Db

descriptionphpFaber CMS 1.3.36 Htmlarea.PHP Cross-Site Scripting Vulnerability. CVE-2006-5626. Webapps exploit for php platform
idEDB-ID:28882
last seen2016-02-03
modified2005-10-30
published2005-10-30
reporterVigilon
sourcehttps://www.exploit-db.com/download/28882/
titlephpFaber CMS 1.3.36 Htmlarea.PHP Cross-Site Scripting Vulnerability