Vulnerabilities > CVE-2006-6871 - Scripts Multiple Input Validation vulnerability in Endonesia 8.4
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities. CVE-2006-6871,CVE-2006-6872,CVE-2006-6873. Webapps exploit for php platform |
| file | exploits/php/webapps/3004.txt |
| id | EDB-ID:3004 |
| last seen | 2016-01-31 |
| modified | 2006-12-25 |
| platform | php |
| port | |
| published | 2006-12-25 |
| reporter | z1ckX(ru) |
| source | https://www.exploit-db.com/download/3004/ |
| title | eNdonesia 8.4 mod.php/friend.php/admin.php Multiple Vulnerabilities |
| type | webapps |