CVE-2006-3189

HotPlug CMS 1.0 - Cross-Site Scripting via msg Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3189. PoCs published by Federico Fazzi.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in HotPlug CMS, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'msg' parameter.

Description

Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Federico Fazzi · textwebappsphp
https://www.exploit-db.com/exploits/28031

The provided text describes a cross-site scripting (XSS) vulnerability in HotPlug CMS, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'msg' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: HotPlug CMS
No auth needed
Prerequisites: Access to the vulnerable HotPlug CMS login page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016321
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2403
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18454
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27201
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=115041611713385&w=2

Scores

EPSS 0.0168
EPSS Percentile 73.8%

Details

Status published
Products (1)
hotplug_cms/hotplug_cms 1.0
Published Jun 23, 2006
Tracked Since Feb 18, 2026