CVE-2006-3189

HotPlug CMS 1.0 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Federico Fazzi · textwebappsphp
https://www.exploit-db.com/exploits/28031

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016321
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2403
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18454
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27201
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=115041611713385&w=2

Scores

EPSS 0.0348
EPSS Percentile 87.6%

Details

Status published
Products (1)
hotplug_cms/hotplug_cms 1.0
Published Jun 23, 2006
Tracked Since Feb 18, 2026