Description
Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by night_warrior771 · textwebappsphp
https://www.exploit-db.com/exploits/28422
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28495
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1452
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28072
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21568
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3352
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443929/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19646
Scores
EPSS
0.0710
EPSS Percentile
91.6%
Details
Status
published
Products (1)
dieselscripts/diesel_paid_mail
Published
Aug 27, 2006
Tracked Since
Feb 18, 2026