ID
VAR-200609-0346
CVE
CVE-2006-5090
TITLE
Phoenix Evolution CMS Multiple Cross-Site Scripting Vulnerabilities
Trust: 1.5
DESCRIPTION
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. (1) index.php To mod Parameters (2) index.php To action Parameters (3) modules/pageedit/index.php To pageid Parameters. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | phoenix evolution | model: | cms | scope: | - | version: | - | Trust: 1.4 |
| vendor: | phoenix evolution | model: | cms | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
| vendor: | phoenix | model: | evolution phoenix evolution cms | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | phoenix evolution cms | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Phoenix Evolution CMS | url: | http://sourceforge.net/projects/pevolution/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2006-5090 | Trust: 3.2 |
| db: | BID | id: | 20212 | Trust: 2.5 |
| db: | OSVDB | id: | 33677 | Trust: 1.6 |
| db: | OSVDB | id: | 33676 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2006-7556 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200609-541 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2006-002197 | Trust: 0.8 |
| db: | IVD | id: | F7720E74-2353-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | http://www.securityfocus.com/bid/20212 | Trust: 2.2 |
| url: | http://osvdb.org/33677 | Trust: 1.6 |
| url: | http://osvdb.org/33676 | Trust: 1.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5090 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5090 | Trust: 0.8 |
| url: | http://sourceforge.net/projects/pevolution/ | Trust: 0.3 |
CREDITS
Root3r_H3ll is credited with the discovery of these vulnerabilities.
Trust: 0.9
SOURCES
| db: | IVD | id: | f7720e74-2353-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2006-7556 |
| db: | BID | id: | 20212 |
| db: | JVNDB | id: | JVNDB-2006-002197 |
| db: | CNNVD | id: | CNNVD-200609-541 |
| db: | NVD | id: | CVE-2006-5090 |
LAST UPDATE DATE
2024-08-14T14:53:30.534000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2006-7556 | date: | 2006-09-29T00:00:00 |
| db: | BID | id: | 20212 | date: | 2006-09-27T17:56:00 |
| db: | JVNDB | id: | JVNDB-2006-002197 | date: | 2012-09-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-200609-541 | date: | 2006-10-09T00:00:00 |
| db: | NVD | id: | CVE-2006-5090 | date: | 2008-11-15T06:29:57.377 |
SOURCES RELEASE DATE
| db: | IVD | id: | f7720e74-2353-11e6-abef-000c29c66e3d | date: | 2006-09-29T00:00:00 |
| db: | CNVD | id: | CNVD-2006-7556 | date: | 2006-09-29T00:00:00 |
| db: | BID | id: | 20212 | date: | 2006-09-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2006-002197 | date: | 2012-09-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-200609-541 | date: | 2006-09-29T00:00:00 |
| db: | NVD | id: | CVE-2006-5090 | date: | 2006-09-29T20:07:00 |