6.8
CVE-2006-2063
- EPSS 2.39%
- Veröffentlicht 26.04.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:24:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Leadhound Network ≫ Leadhound Full Version2.1
Leadhound Network ≫ Leadhound Full Version2.1_network_version
Leadhound Network ≫ Leadhound Lite Version2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.39% | 0.818 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
http://secunia.com/advisories/19867
http://www.osvdb.org/25030
http://www.osvdb.org/25031
http://www.osvdb.org/25032
http://www.osvdb.org/25033
http://www.osvdb.org/25034
http://www.osvdb.org/25035
http://www.osvdb.org/25036
http://www.osvdb.org/25037
http://www.osvdb.org/25038
http://www.osvdb.org/25039
http://www.osvdb.org/25041
http://www.osvdb.org/25042
http://www.osvdb.org/25043
http://www.osvdb.org/25044
http://www.osvdb.org/25045
http://www.osvdb.org/25046
http://www.osvdb.org/25047
http://www.osvdb.org/25048
http://www.osvdb.org/25049
http://www.osvdb.org/25050
http://www.osvdb.org/25051
http://www.osvdb.org/25052
http://www.osvdb.org/25053
http://www.osvdb.org/25054
http://www.osvdb.org/25055
http://www.osvdb.org/25056
http://www.osvdb.org/25057
http://www.osvdb.org/25058
http://www.osvdb.org/25059
http://www.osvdb.org/25060