CVE-2006-5984

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.

🔗 References (16)

cve@mitrehttp://aria-security.net/advisory/helm.txt
cve@mitrehttp://secunia.com/advisories/22916
cve@mitrehttp://securityreason.com/securityalert/1884
cve@mitrehttp://securitytracker.com/id?1017240
cve@mitrehttp://www.securityfocus.com/archive/1/451737/100/0/threaded
cve@mitrehttp://www.securityfocus.com/archive/1/451848/100/200/threaded
cve@mitrehttp://www.vupen.com/english/advisories/2006/4557
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/30309
af854a3a-2127-422b-91ae-364da2661108http://aria-security.net/advisory/helm.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22916
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1884
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017240
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/451737/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/451848/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4557

Is Your Infrastructure Affected by CVE-2006-5984?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2006-5984

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2006-5984?