CVE-2006-0923

Exploit

EPSS 5.22%
Published 28.02.2006 11:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Myphpnuke ≫ Myphpnuke Version <= 1.8.8

Myphpnuke ≫ Myphpnuke Version1.8.8_7

Myphpnuke ≫ Myphpnuke Version1.8.8_8_rc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.22%	0.895

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/19052

http://securityreason.com/securityalert/491

http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0

http://www.nukedx.com/?viewdoc=12

Vendor Advisory

Exploit

http://www.securityfocus.com/archive/1/425983/100/0/threaded

http://www.securityfocus.com/bid/16815

http://www.vupen.com/english/advisories/2006/0750

https://exchange.xforce.ibmcloud.com/vulnerabilities/24887

https://nvd.nist.gov/vuln/detail/CVE-2006-0923

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0923

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0923

EUVD