CVE-2006-1008

Medium

5.8/10

Summary

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: PARTIAL

References

Advisory Timeline

Published Mar 06, 2006

CVE-2006-1008

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS