CVE-2006-1556
AL-Caricatier 2.5 - Cross-Site Scripting via CatName, CaricatierID, or CatID Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1556. PoCs published by Linux_Drox.
AI-analyzed exploit summary
The exploit demonstrates multiple XSS vulnerabilities in AL-Caricatier by injecting arbitrary JavaScript code via unsanitized input parameters (CatName, CaricatierID, CatID). The PoC uses simple script tags to trigger an alert with the document cookie, proving the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.