Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
References
Link | Resource |
---|---|
http://marc.info/?l=full-disclosure&m=115464286427745&w=2 | Exploit Mailing List |
http://secunia.com/advisories/21357 | Permissions Required Third Party Advisory |
http://www.securityfocus.com/archive/1/442205/100/200/threaded | |
http://www.securityfocus.com/bid/19343 | Exploit Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2006/3155 | Not Applicable |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28219 | |
http://marc.info/?l=full-disclosure&m=115464286427745&w=2 | Exploit Mailing List |
http://secunia.com/advisories/21357 | Permissions Required Third Party Advisory |
http://www.securityfocus.com/archive/1/442205/100/200/threaded | |
http://www.securityfocus.com/bid/19343 | Exploit Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2006/3155 | Not Applicable |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28219 |
Configurations
History
21 Nov 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=full-disclosure&m=115464286427745&w=2 - Exploit, Mailing List | |
References | () http://secunia.com/advisories/21357 - Permissions Required, Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/442205/100/200/threaded - | |
References | () http://www.securityfocus.com/bid/19343 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2006/3155 - Not Applicable | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/28219 - |
Information
Published : 2006-08-09 22:04
Updated : 2024-11-21 00:15
NVD link : CVE-2006-4038
Mitre link : CVE-2006-4038
CVE.ORG link : CVE-2006-4038
JSON object : View
Products Affected
chaossoft
- gaestechaos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')