Vulnerabilities > CVE-2006-6389 - Scripts Multiple Cross-Site Scripting vulnerability in Mobile

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ac4p

exploit available

NVD

Published: 2006-12-08

Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.

Vulnerable Configurations

Part	Description	Count
Application	Ac4P Ac4P Ac4P Mobile *	1

Exploit-Db

description	ac4p Mobile up.php Taaa Parameter XSS. CVE-2006-6389. Webapps exploit for php platform
id	EDB-ID:29225
last seen	2016-02-03
modified	2006-12-04
published	2006-12-04
reporter	SwEET-DeViL
source	https://www.exploit-db.com/download/29225/
title	ac4p Mobile up.php Taaa Parameter XSS

description	ac4p Mobile polls.php Multiple Parameter XSS. CVE-2006-6389. Webapps exploit for php platform
id	EDB-ID:29226
last seen	2016-02-03
modified	2006-12-04
published	2006-12-04
reporter	SwEET-DeViL
source	https://www.exploit-db.com/download/29226/
title	ac4p Mobile polls.php Multiple Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References