Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Facile Interactive Web | Facile Interactive Web | <= 0.8.5 |
References
- http://secunia.com/advisories/20358 (Exploit, Vendor Advisory)
- http://securityreason.com/securityalert/1010
- http://www.nukedx.com/?getxpl=35 (Exploit)
- http://www.nukedx.com/?viewdoc=35 (Exploit, Vendor Advisory)
- http://www.osvdb.org/26104
- http://www.osvdb.org/26105
- http://www.securityfocus.com/archive/1/435283/100/0/threaded
- http://www.securityfocus.com/bid/18151 (Exploit)
- http://www.vupen.com/english/advisories/2006/2036
FAQ
What is CVE-2006-2746?
CVE-2006-2746 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, a...
How severe is CVE-2006-2746?
CVE-2006-2746 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2746?
Check the references section above for vendor advisories and patch information. Affected products include Facile Interactive Web 0.8.5 and earlier.