Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nathan Landry | N8Cms Sitesuite Cms | 1.1 |
References
- http://biyosecurity.be/bugs/n8cms.txtExploit
- http://secunia.com/advisories/19068Vendor Advisory
- http://securityreason.com/securityalert/562
- http://www.securityfocus.com/archive/1/427222/100/0/threaded
- http://www.securityfocus.com/bid/16858
- http://www.vupen.com/english/advisories/2006/0779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25126
- http://biyosecurity.be/bugs/n8cms.txtExploit
- http://secunia.com/advisories/19068Vendor Advisory
- http://securityreason.com/securityalert/562
- http://www.securityfocus.com/archive/1/427222/100/0/threaded
- http://www.securityfocus.com/bid/16858
- http://www.vupen.com/english/advisories/2006/0779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24975
FAQ
What is CVE-2006-1008?
CVE-2006-1008 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3...
How severe is CVE-2006-1008?
CVE-2006-1008 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1008?
Check the references section above for vendor advisories and patch information. Affected products include: Nathan Landry N8Cms Sitesuite Cms.