PT-2006-3863 · I.List · I.List

Published

2006-06-12

Updated

2011-03-08

CVE-2006-2956

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions i.List versions 1.5 beta and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the searchword parameter to "search.php" or the siteurl parameter to "add.php".

Recommendations For i.List versions 1.5 beta and earlier, avoid using the searchword parameter in the "search.php" endpoint and the siteurl parameter in the "add.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "search.php" and "add.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2956

Affected Products

I.List

PT-2006-3863 · I.List · I.List

CVE-2006-2956

Related Identifiers

Affected Products

References · 6