CVE-2006-1008

N8cms 1.1-1.2 - Cross-Site Scripting via dir, page_id, and userid Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-1008. PoCs published by Liz0ziM.

AI-analyzed exploit summary The provided text describes an XSS vulnerability in the 'n8cms' script due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Liz0ziM · textwebappsphp
https://www.exploit-db.com/exploits/27332

The provided text describes an XSS vulnerability in the 'n8cms' script due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: n8cms (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable 'mailto.php' endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Liz0ziM · textwebappsphp
https://www.exploit-db.com/exploits/27331

The provided text describes an XSS vulnerability in the 'n8cms' script due to improper input sanitization. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: n8cms (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/562
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24975
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0779
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/427222/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19068
Exploit x_refsource_misc
http://biyosecurity.be/bugs/n8cms.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25126
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16858

Scores

EPSS 0.0164
EPSS Percentile 73.3%

Details

Status published
Products (3)
nathan_landry/n8cms_sitesuite_cms 1.1
nathan_landry/n8cms_sitesuite_cms 1.2
nathan_landry/n8cms_sitesuite_cms 1.12
Published Mar 06, 2006
Tracked Since Feb 18, 2026