Vulnerabilities > CVE-2006-7004 - Cross-Site Scripting vulnerability in PSY Auction

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
php-script-tools
exploit available
NVD
Published: 2007-02-12
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Php_Script_Tools
1

Exploit-Db

descriptionPHP Script Tools PSY Auction 0 email_request.php user_id Parameter XSS. CVE-2006-7004. Webapps exploit for php platform
idEDB-ID:27870
last seen2016-02-03
modified2006-05-15
published2006-05-15
reporterLuny
sourcehttps://www.exploit-db.com/download/27870/
titlePHP Script Tools PSY Auction - email_request.php user_id Parameter XSS

References