CVE-2006-4206

ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode - Cross-Site Scripting via calendarID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4206. PoCs published by MizoZ.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in ASPPlayground.NET Forum Advanced Edition version 2.4.5. The vulnerability arises from insufficient sanitization of user-supplied input in the calendar.asp page, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by MizoZ · textwebappsasp

https://www.exploit-db.com/exploits/28742

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in ASPPlayground.NET Forum Advanced Edition version 2.4.5. The vulnerability arises from insufficient sanitization of user-supplied input in the calendar.asp page, allowing arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ASPPlayground.NET Forum Advanced Edition 2.4.5

No auth needed

Prerequisites: Access to the vulnerable calendar.asp page

MITRE ATT&CK