Published: 06/03/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 590

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nathan landry n8cms sitesuite cms 1.2
nathan landry n8cms sitesuite cms 1.1
nathan landry n8cms sitesuite cms 1.12

source: wwwsecurityfocuscom/bid/16858/info The 'n8cms' script is prone to multiple input-validation vulnerabilities These issues are due to the application's failure to properly sanitize user-supplied input Successful exploitation could allow an attacker to compromise the application, access or modify data, steal cookie-based auth ...

source: wwwsecurityfocuscom/bid/16858/info The 'n8cms' script is prone to multiple input-validation vulnerabilities These issues are due to the application's failure to properly sanitize user-supplied input Successful exploitation could allow an attacker to compromise the application, access or modify data, steal cookie-based authen ...

NVD-CWE-Other http://biyosecurity.be/bugs/n8cms.txt http://secunia.com/advisories/19068 http://www.securityfocus.com/bid/16858 http://securityreason.com/securityalert/562 http://www.vupen.com/english/advisories/2006/0779 https://exchange.xforce.ibmcloud.com/vulnerabilities/25126 https://exchange.xforce.ibmcloud.com/vulnerabilities/24975 http://www.securityfocus.com/archive/1/427222/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/27332/

CVE-2006-1008

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect