CVE-2006-5530

Published: 26/10/2006 Updated: 06/08/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews prior to 2.34.01 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
boesch it-consulting simpnews 2.13
boesch it-consulting simpnews 2.30
boesch it-consulting simpnews
boesch it-consulting simpnews 2.0.1

source: wwwsecurityfocuscom/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This ma ...

source: wwwsecurityfocuscom/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may ...

CWE-79 http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php http://www.securityfocus.com/bid/20714 http://secunia.com/advisories/22535 http://www.vupen.com/english/advisories/2006/4162 https://nvd.nist.gov https://www.exploit-db.com/exploits/28859/

CVE-2006-5530

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect