CVE-2006-1144

HitHost 1.0.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Retard · textwebappsphp

https://www.exploit-db.com/exploits/27372

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Retard · textwebappsphp

https://www.exploit-db.com/exploits/27371

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25105

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/23758

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17025

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/19155

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/426931/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/23757

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/0886

Scores

EPSS 0.0135

EPSS Percentile 80.2%

Details

Status published

Products (1)

david_ravenscroft/hithost 1.0.0

Published Mar 10, 2006

Tracked Since Feb 18, 2026