PT-2006-2652 · Unknown · Chucky A. Ivey N.T.

Aliaksandr Hartsuyeu

Published

2006-04-07

Updated

2018-10-18

CVE-2006-1657

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Chucky A. Ivey N.T. version 1.1.0

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the username parameter when the administrator views the "Login Log" page. This occurs because the username parameter is not properly filtered.

Recommendations: For Chucky A. Ivey N.T. version 1.1.0, consider filtering or sanitizing the username parameter to prevent injection of malicious scripts or HTML when viewing the "Login Log" page. As a temporary workaround, restrict access to the "Login Log" page until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1657

Affected Products

Chucky A. Ivey N.T.

PT-2006-2652 · Unknown · Chucky A. Ivey N.T.

CVE-2006-1657

Related Identifiers

Affected Products

References · 9