CVE-2006-5451 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php. These are different vectors than CVE-2006-5227.
Reference
http://secunia.com/advisories/22384
http://www.securityfocus.com/archive/1/448619/100/100/threaded
http://www.securityfocus.com/archive/1/448947/100/0/threaded
http://www.securityfocus.com/archive/1/448948/100/0/threaded
http://www.securityfocus.com/archive/1/448952/100/0/threaded
http://www.securityfocus.com/bid/20534
http://www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion/
http://www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-insertion/
http://www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/
http://www.stevenroddis.com.au/2006/10/17/torrentflux-user_id-script-insertion/
http://www.vupen.com/english/advisories/2006/4043
https://exchange.xforce.ibmcloud.com/vulnerabilities/29592