CVE-2006-2063 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.
Reference
http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
http://secunia.com/advisories/19867
http://www.osvdb.org/25030
http://www.osvdb.org/25031
http://www.osvdb.org/25032
http://www.osvdb.org/25033
http://www.osvdb.org/25034
http://www.osvdb.org/25035
http://www.osvdb.org/25036
http://www.osvdb.org/25037
http://www.osvdb.org/25038
http://www.osvdb.org/25039
http://www.osvdb.org/25041
http://www.osvdb.org/25042
http://www.osvdb.org/25043
http://www.osvdb.org/25044
http://www.osvdb.org/25045
http://www.osvdb.org/25046
http://www.osvdb.org/25047
http://www.osvdb.org/25048
http://www.osvdb.org/25049
http://www.osvdb.org/25050
http://www.osvdb.org/25051
http://www.osvdb.org/25052
http://www.osvdb.org/25053
http://www.osvdb.org/25054
http://www.osvdb.org/25055
http://www.osvdb.org/25056
http://www.osvdb.org/25057
http://www.osvdb.org/25058
http://www.osvdb.org/25059
http://www.osvdb.org/25060