CVE-2006-2951

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.

Published: Jun 12, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2951
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
npds / npds	-	5.10.x
npds / npds	5.0	5.0.x
npds / npds	4.8	4.8.x

http://secunia.com/advisories/20523
http://securityreason.com/securityalert/1076
http://www.acid-root.new.fr/advisories/npds510.txt
http://www.osvdb.org/26292
http://www.osvdb.org/26293
http://www.osvdb.org/26294
http://www.osvdb.org/26295
http://www.osvdb.org/26296
http://www.securityfocus.com/archive/1/436442/100/0/threaded
http://www.securityfocus.com/bid/18383
http://www.vupen.com/english/advisories/2006/2233
https://exchange.xforce.ibmcloud.com/vulnerabilities/27123

Vulnerability Database

290,206

CVE-2006-2951