Published: 10/12/2006 Updated: 29/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
swsoft plesk 7.5
swsoft plesk

source: wwwsecurityfocuscom/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or ...

source: wwwsecurityfocuscom/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to ...

CWE-79 http://www.majorsecurity.de/index_2.php?major_rls=major_rls34 http://www.securityfocus.com/bid/21067 http://securitytracker.com/id?1017236 http://marc.info/?l=bugtraq&m=116370467532206&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/30320 https://nvd.nist.gov https://www.exploit-db.com/exploits/29018/

CVE-2006-6451

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect