PT-2006-7184 · Scriptmate · Scriptmate User Manager

Published

2006-12-15

Updated

2017-07-29

CVE-2006-6582

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ScriptMate User Manager versions 2.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the members username and members password fields in a login action in "members/default.asp", and the Search box.

Recommendations For ScriptMate User Manager versions 2.1 and earlier, consider disabling the login functionality in members/default.asp and restricting access to the Search box until a fix is available. Avoid using the members username and members password fields in the login action until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6582

Affected Products

Scriptmate User Manager

PT-2006-7184 · Scriptmate · Scriptmate User Manager

CVE-2006-6582

Related Identifiers

Affected Products

References · 6