Description
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/29225
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/29226
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/37048
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21427
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/453428/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2018
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/37047
Scores
EPSS
0.0061
EPSS Percentile
70.0%
Details
Status
published
Products (1)
ac4p/ac4p_mobile
Published
Dec 08, 2006
Tracked Since
Feb 18, 2026