CVE-2006-1407 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

Reference

http://attrition.org/pipermail/vim/2006-March/000654.html http://pridels0.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html http://secunia.com/advisories/19375 http://www.osvdb.org/24125 http://www.osvdb.org/24126 http://www.securityfocus.com/bid/17263 http://www.vupen.com/english/advisories/2006/1093 https://exchange.xforce.ibmcloud.com/vulnerabilities/25470 https://exchange.xforce.ibmcloud.com/vulnerabilities/30309