PT-2006-2737 · Bitweaver · Bitweaver

Published: 2006-04-12 · Updated: 2011-03-08 · CVE-2006-1745

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Bitweaver version 1.3
Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the error parameter in the "login.php" file.
Recommendations: For version 1.3, consider restricting access to the login.php file until a fix is available, or avoid using the error parameter in this context to minimize the risk of exploitation.

Related Identifiers

CVE-2006-1745

Affected Products

Bitweaver