CVE-2006-3385

Vincent Leclercq News 5.2 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DarkFig · textwebappsphp
https://www.exploit-db.com/exploits/28146

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27505
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438859/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2642
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20936
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18775
Vendor Advisory x_refsource_misc
http://www.acid-root.new.fr/advisories/news52.txt

Scores

EPSS 0.0062
EPSS Percentile 70.2%

Details

Status published
Products (1)
vincent_leclercq/news 5.2
Published Jul 06, 2006
Tracked Since Feb 18, 2026