CVE-2006-6928 - SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the cat parameter to (a) listmain.asp or (b) searchmain.asp, (2) the Keyword parameter to (c) searchkey.asp, or (3) the refno parameter to (d) forminfo.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description: Grandora Rialto 1.6 searchkey.asp Keyword Parameter XSS. CVE-2006-6928. Webapps exploit for asp platform
id: EDB-ID:29115
last seen: 2016-02-03
modified: 2006-11-20
published: 2006-11-20
reporter: laurent gaffie
source: https://www.exploit-db.com/download/29115/
title: Grandora Rialto 1.6 - searchkey.asp Keyword Parameter XSS

description: Grandora Rialto 1.6 listmain.asp cat Parameter XSS. CVE-2006-6928. Webapps exploit for asp platform
id: EDB-ID:29114
last seen: 2016-02-03
modified: 2006-11-20
published: 2006-11-20
reporter: laurent gaffie
source: https://www.exploit-db.com/download/29114/
title: Grandora Rialto 1.6 listmain.asp cat Parameter XSS

description: Grandora Rialto 1.6 forminfo.asp refno Parameter XSS. CVE-2006-6928. Webapps exploit for asp platform
id: EDB-ID:29117
last seen: 2016-02-03
modified: 2006-11-20
published: 2006-11-20
reporter: laurent gaffie
source: https://www.exploit-db.com/download/29117/
title: Grandora Rialto 1.6 forminfo.asp refno Parameter XSS

description: Grandora Rialto 1.6 searchmain.asp cat Parameter XSS. CVE-2006-6928. Webapps exploit for asp platform
id: EDB-ID:29116
last seen: 2016-02-03
modified: 2006-11-20
published: 2006-11-20
reporter: laurent gaffie
source: https://www.exploit-db.com/download/29116/
title: Grandora Rialto 1.6 - searchmain.asp cat Parameter XSS