Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.
References
Link | Resource |
---|---|
http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html | |
http://secunia.com/advisories/19889 | Vendor Advisory |
http://www.osvdb.org/25197 | Exploit |
http://www.osvdb.org/25198 | Exploit |
http://www.osvdb.org/25199 | Exploit |
http://www.securityfocus.com/bid/17829 | Exploit |
http://www.vupen.com/english/advisories/2006/1630 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26202 |
Configurations
History
No history.
Information
Published : 2006-05-04 12:38
Updated : 2024-02-28 10:42
NVD link : CVE-2006-2178
Mitre link : CVE-2006-2178
CVE.ORG link : CVE-2006-2178
JSON object : View
Products Affected
smartwin_technology
- cyberoffice_warehouse_builder
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')