CVE-2006-1106 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message (2) name (3) url and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure but due to the vagueness of the dispute it is not clear whether the vendor is disputing this particular issue.

Reference

http://forum.pixelpost.org/showthread.php?t=3535 http://www.neosecurityteam.net/index.php?action=advisories&id=19 http://www.securityfocus.com/archive/1/426764/100/0/threaded http://www.securityfocus.com/bid/16964 http://www.vupen.com/english/advisories/2006/0823 https://exchange.xforce.ibmcloud.com/vulnerabilities/25047 Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message (2) name (3) url and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure but due to the vagueness of the dispute it is not clear whether the vendor is disputing this particular issue.

Share on: