CVE-2006-5770

Ac4p Mobile - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

Exploits (6)

exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28904
exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28903
exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28902
exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28901
exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28900
exploitdb WRITEUP VERIFIED
by AL-garnei · textwebappsphp
https://www.exploit-db.com/exploits/28905

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30007
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32049
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32050
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32051
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32048
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32047
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450496/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20895
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32046

Scores

EPSS 0.0111
EPSS Percentile 78.2%

Details

Status published
Products (1)
ac4p/ac4p_mobile
Published Nov 06, 2006
Tracked Since Feb 18, 2026