CVE-2006-2986

Baby Katie Media vSCAL/vsREAL 1.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Luny · textwebappsphp

https://www.exploit-db.com/exploits/28000

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Luny · textwebappsphp

https://www.exploit-db.com/exploits/27999

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2238

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20533

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18350

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1084

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/436411/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27095

Scores

EPSS 0.0181

EPSS Percentile 82.9%

Details

Status published

Products (2)

baby_katie_media/very_simple_car_lister 1.0

baby_katie_media/very_simple_realty_lister 1.0

Published Jun 13, 2006

Tracked Since Feb 18, 2026