Vulnerabilities > CVE-2006-6769 - Cross-Site Scripting vulnerability in PHP Live PHP Live 2.8.1/3.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description PHP Live! 3.2.2 index.php l Parameter XSS. CVE-2006-6769. Webapps exploit for php platform id EDB-ID:29340 last seen 2016-02-03 modified 2006-12-25 published 2006-12-25 reporter Hackers Center Security source https://www.exploit-db.com/download/29340/ title PHP Live! 3.2.2 index.php l Parameter XSS description PHP Live! 3.2.2 phplive/message_box.php Multiple Parameter XSS. CVE-2006-6769. Webapps exploit for php platform id EDB-ID:29341 last seen 2016-02-03 modified 2006-12-25 published 2006-12-25 reporter Hackers Center Security source https://www.exploit-db.com/download/29341/ title PHP Live! 3.2.2 phplive/message_box.php Multiple Parameter XSS description PHP Live! 3.2.2 setup/transcripts.php search_string Parameter XSS. CVE-2006-6769. Webapps exploit for php platform id EDB-ID:29339 last seen 2016-02-03 modified 2006-12-25 published 2006-12-25 reporter Hackers Center Security source https://www.exploit-db.com/download/29339/ title PHP Live! 3.2.2 setup/transcripts.php search_string Parameter XSS