CVE-2006-1407

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

Published: Mar 28, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1407
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
webhost_automation / helm_web_hosting_control_panel	-	3.2.10.x

http://attrition.org/pipermail/vim/2006-March/000654.html
http://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html
http://secunia.com/advisories/19375
http://www.osvdb.org/24125
http://www.osvdb.org/24126
http://www.securityfocus.com/bid/17263
http://www.vupen.com/english/advisories/2006/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/25470
https://exchange.xforce.ibmcloud.com/vulnerabilities/30309

Vulnerability Database

CVE-2006-1407