CVE-2006-6451

SWsoft Plesk <8.0.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.

Exploits (2)

exploitdb WORKING POC VERIFIED

by David Vieira-Kurz · textwebappsphp

https://www.exploit-db.com/exploits/29018

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by David Vieira-Kurz · textwebappsphp

https://www.exploit-db.com/exploits/29017

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=116370467532206&w=2

[Exploit, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017236

[Broken Link] http://www.majorsecurity.de/index_2.php?major_rls=major_rls34

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21067

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30320

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

swsoft/plesk < 8.0.1

swsoft/plesk

Timeline

Published Dec 10, 2006

Tracked Since Feb 18, 2026