Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Andy Grayndler | Andys Php Knowledgebase | 0.57 |
References
- http://osvdb.org/ref/24/24310-aphpkb.txt
- http://secunia.com/advisories/19554
- http://www.osvdb.org/24310
- http://www.osvdb.org/24311
- http://www.osvdb.org/24312
- http://www.securityfocus.com/bid/17377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25666
- http://osvdb.org/ref/24/24310-aphpkb.txt
- http://secunia.com/advisories/19554
- http://www.osvdb.org/24310
- http://www.osvdb.org/24311
- http://www.osvdb.org/24312
- http://www.securityfocus.com/bid/17377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25666
FAQ
What is CVE-2006-1438?
CVE-2006-1438 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) in...
How severe is CVE-2006-1438?
CVE-2006-1438 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1438?
Check the references section above for vendor advisories and patch information. Affected products include: Andy Grayndler Andys Php Knowledgebase.