CVE-2006-4479

Visualshapers Ezcontents - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/28465

View Code ZIP pw:eip

References (8)

[Exploit] http://www.securityfocus.com/bid/19780

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28676

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/444779/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28319

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016770

[Third Party Advisory] http://secunia.com/advisories/21703

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3420

[Third Party Advisory] http://securityreason.com/securityalert/1479

Scores

EPSS 0.0801

EPSS Percentile 92.0%

Classification

Status draft

Affected Products (1)

visualshapers/ezcontents

Timeline

Published Aug 31, 2006

Tracked Since Feb 18, 2026