CVE-2006-3051

SixCMS < 6.0.6patch2 - Cross-Site Scripting via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3051. PoCs published by Aesthetico.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in SixCMS due to improper input sanitization. The example demonstrates how an attacker can inject arbitrary script code via the 'page' parameter in the URL.

Description

Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aesthetico · textwebappsphp

https://www.exploit-db.com/exploits/28013

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in SixCMS due to improper input sanitization. The example demonstrates how an attacker can inject arbitrary script code via the 'page' parameter in the URL.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SixCMS (version not specified)

No auth needed

Prerequisites: Access to a vulnerable SixCMS instance · Ability to craft a malicious URL

MITRE ATT&CK