CVE-2006-2063

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

📅 Published

April 26, 2006

🔄 Last Modified

April 16, 2026

🔗 References (64)

cve@mitrehttp://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
cve@mitrehttp://secunia.com/advisories/19867
cve@mitrehttp://www.osvdb.org/25030
cve@mitrehttp://www.osvdb.org/25031
cve@mitrehttp://www.osvdb.org/25032
cve@mitrehttp://www.osvdb.org/25033
cve@mitrehttp://www.osvdb.org/25034
cve@mitrehttp://www.osvdb.org/25035
cve@mitrehttp://www.osvdb.org/25036
cve@mitrehttp://www.osvdb.org/25037
cve@mitrehttp://www.osvdb.org/25038
cve@mitrehttp://www.osvdb.org/25039
cve@mitrehttp://www.osvdb.org/25041
cve@mitrehttp://www.osvdb.org/25042
cve@mitrehttp://www.osvdb.org/25043

💥

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2006-2063

Explore →

Is Your Infrastructure Affected by CVE-2006-2063?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs