Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coolphp | Coolphp Magazine | - |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/1029
- http://www.securityfocus.com/archive/1/435309/100/0/threaded
- http://www.securityfocus.com/bid/18124
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26950
- http://securityreason.com/securityalert/1029
- http://www.securityfocus.com/archive/1/435309/100/0/threaded
- http://www.securityfocus.com/bid/18124
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26950
FAQ
What is CVE-2006-2816?
CVE-2006-2816 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly ...
How severe is CVE-2006-2816?
CVE-2006-2816 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2816?
Check the references section above for vendor advisories and patch information. Affected products include: Coolphp Coolphp Magazine.