Vulnerabilities > CVE-2006-5770 - Cross-Site Scripting vulnerability in Mobile
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description ac4p Mobile MobileNews.php Multiple Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28901 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28901/ title ac4p Mobile MobileNews.php Multiple Parameter XSS description ac4p Mobile index.php Multiple Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28900 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28900/ title ac4p Mobile index.php Multiple Parameter XSS description ac4p Mobile send.php cats Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28903 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28903/ title ac4p Mobile send.php cats Parameter XSS description ac4p Mobile polls.php Multiple Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28902 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28902/ title ac4p Mobile polls.php Multiple Parameter XSS description ac4p Mobile up.php Multiple Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28904 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28904/ title ac4p Mobile up.php Multiple Parameter XSS description ac4p Mobile cp/index.php pagenav Parameter XSS. CVE-2006-5770. Webapps exploit for php platform id EDB-ID:28905 last seen 2016-02-03 modified 2006-11-03 published 2006-11-03 reporter AL-garnei source https://www.exploit-db.com/download/28905/ title ac4p Mobile cp/index.php pagenav Parameter XSS
References
- http://www.osvdb.org/32046
- http://www.osvdb.org/32047
- http://www.osvdb.org/32048
- http://www.osvdb.org/32049
- http://www.osvdb.org/32050
- http://www.osvdb.org/32051
- http://www.securityfocus.com/archive/1/450496/100/0/threaded
- http://www.securityfocus.com/bid/20895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30007