CVE-2006-2672 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php (b) index_other.php or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php (3) id parameter to (e) images.php or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.

Reference

http://secunia.com/advisories/20286 http://securityreason.com/securityalert/988 http://www.osvdb.org/25772 http://www.osvdb.org/25773 http://www.osvdb.org/25774 http://www.osvdb.org/25775 http://www.securityfocus.com/archive/1/435012/100/0/threaded http://www.vupen.com/english/advisories/2006/1985 https://exchange.xforce.ibmcloud.com/vulnerabilities/26677

Share on: