CVE-2006-1290 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress (2) act (3) username and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.
Reference
http://secunia.com/advisories/19258 http://securitytracker.com/id?1015778 http://www.osvdb.org/23932 http://www.osvdb.org/23933 http://www.securityfocus.com/archive/1/427890/100/0/threaded http://www.securityfocus.com/bid/17127 http://www.ush.it/team/ascii/hack-milkeway/advisory.txt http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt http://www.vupen.com/english/advisories/2006/0968 https://exchange.xforce.ibmcloud.com/vulnerabilities/25288
Share on: