CVE-2006-5059

Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php.

Published: Sep 28, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5059
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
wired_community_software / wwwthreads	-	5.4.2.x
wired_community_software / wwwthreads	5.4	5.4.x
wired_community_software / wwwthreads	rc3	rc3.x

http://secunia.com/advisories/22211
http://securityreason.com/securityalert/1645
http://www.securityfocus.com/archive/1/446911/100/0/threaded
http://www.securityfocus.com/bid/20178
http://www.vupen.com/english/advisories/2006/3858

Vulnerability Database

CVE-2006-5059

Deep Security Visibility Without the Complexity