PT-2006-4629 · Top Xl · Top Xl
Aesthetico
+1
·
Published
2006-07-21
·
Updated
2018-10-17
·
CVE-2006-3769
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Top XL versions 1.1 and earlier
Description
The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This is achieved via the
pass and pass2 parameters in "add.php" or the id parameter in "members/index.php".Recommendations
For Top XL versions 1.1 and earlier, consider restricting access to the "add.php" and "members/index.php" scripts until a fix is available. As a temporary workaround, avoid using the
pass, pass2, and id parameters in the affected API endpoints.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Top Xl