PT-2006-3491 · Xtreme · Xtreme Topsites

Luny

Published

2006-05-23

Updated

2018-10-18

CVE-2006-2545

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Xtreme Topsites version 1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially resulting from SQL injection. This is achieved via the id parameter in "stats.php" and unspecified inputs in "lostid.php", likely including the searchthis parameter.

Recommendations For Xtreme Topsites version 1.1, avoid using the id parameter in "stats.php" and the searchthis parameter in "lostid.php" until a fix is available. As a temporary workaround, consider restricting access to "stats.php" and "lostid.php" to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2006-2545

Affected Products

Xtreme Topsites

PT-2006-3491 · Xtreme · Xtreme Topsites

CVE-2006-2545

Weakness Enumeration

Related Identifiers

Affected Products

References · 8