Published: 07/03/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 465

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS prior to 9.0.6.1 allow remote malicious users to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cpg-nuke dragonfly cms 9.0.3.0
cpg-nuke dragonfly cms 9.0.4.0
cpg-nuke dragonfly cms 9.0.1.1
cpg-nuke dragonfly cms 9.0.2.0
cpg-nuke dragonfly cms 9.0.5.0
cpg-nuke dragonfly cms 9.0.6.0

source: wwwsecurityfocuscom/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may h ...

NVD-CWE-Other http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html http://www.securityfocus.com/bid/16784 http://securitytracker.com/id?1015661 http://secunia.com/advisories/18940 http://www.vupen.com/english/advisories/2006/0688 https://exchange.xforce.ibmcloud.com/vulnerabilities/24843 https://nvd.nist.gov https://www.exploit-db.com/exploits/27266/

Get Started

CVE-2006-1033

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect