CVE-2006-5827

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.

Published: Nov 10, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5827
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpcomasy / phpcomasy	0.7.4	0.7.4.x
phpcomasy / phpcomasy	0.7.9pre	0.7.9pre.x
phpcomasy / phpcomasy	0.7.5	0.7.5.x

http://secunia.com/advisories/22760
http://securityreason.com/securityalert/1843
http://www.majorsecurity.de/index_2.php?major_rls=major_rls32
http://www.securityfocus.com/archive/1/450712
http://www.securityfocus.com/bid/20938
https://exchange.xforce.ibmcloud.com/vulnerabilities/30053

Vulnerability Database

290,020

CVE-2006-5827