1. CVE-Search
  2. CVE-2006-1430
ID CVE-2006-1430
Summary Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
References
Vulnerable Configurations
  • cpe:2.3:a:controlzx:hms:*:*:*:*:*:*:*:*
    cpe:2.3:a:controlzx:hms:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 17282
misc http://pridels0.blogspot.com/2006/03/controlzx-hms-hosting-management.html
osvdb
  • 24173
  • 24174
  • 24175
  • 24176
secunia 19432
vupen ADV-2006-1131
xf controlzshms-multiple-scripts-xss(25491)
Last major update 20-07-2017 - 01:30
Published 28-03-2006 - 21:02
Last modified 20-07-2017 - 01:30
Back to Top