CVE-2006-1535

Phoetux.net PhxContacts <0.93.1 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1535. PoCs published by DaBDouB-MoSiKaR.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in PhxContacts versions 0.93.1 and prior, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'm' parameter in login.php.

Description

Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DaBDouB-MoSiKaR · textwebappsphp
https://www.exploit-db.com/exploits/27512

The provided text describes a cross-site scripting (XSS) vulnerability in PhxContacts versions 0.93.1 and prior, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'm' parameter in login.php.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PhxContacts <= 0.93.1
No auth needed
Prerequisites: Access to the vulnerable application URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17307
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429259/100/0/threaded

Scores

EPSS 0.0135
EPSS Percentile 67.9%

Details

Status published
Products (2)
phoetux.net/phxcontacts 0.93
phoetux.net/phxcontacts 0.93.1
Published Mar 30, 2006
Tracked Since Feb 18, 2026