PT-2006-3566 · Mtl · Monster Top List

V8F3

Publicado

2006-05-30

Atualizado

2018-10-18

CVE-2006-2643

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Monster Top List (MTL) version 1.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the user error message parameter in the index.php file.

Recommendations For Monster Top List (MTL) version 1.4, consider restricting access to the user error message parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the user error message parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2643

Produtos afetados

Monster Top List

PT-2006-3566 · Mtl · Monster Top List

CVE-2006-2643

Identificadores relacionados

Produtos afetados

Referências · 4