CVE-2006-2746

Published: 01/06/2006 Updated: 18/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

Vulnerable Product	Search on Vulmon	Subscribe to Product
facile interactive web facile interactive web 0.8.41
facile interactive web facile interactive web

F@cile Interactive Web <= 08x Multiple Remote Vulnerabilities Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedxcom web: wwwnukedxcom This exploits works on F@cile Interactive Web <= 08x Original advisory can be found at: wwwnukedxcom/?viewdoc=35 File Inclusion Vulnerabilities [victim]/[FacilePath]/p-popupgalleryphp?l=ht ...

NVD-CWE-Other http://www.nukedx.com/?getxpl=35 http://www.nukedx.com/?viewdoc=35 http://www.securityfocus.com/bid/18151 http://secunia.com/advisories/20358 http://www.osvdb.org/26104 http://www.osvdb.org/26105 http://securityreason.com/securityalert/1010 http://www.vupen.com/english/advisories/2006/2036 http://www.securityfocus.com/archive/1/435283/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1841/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2746

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect