Cross-Site Scripting Flaw in phpwcms by phpwcms.org
CVE-2006-2518

Currently unrated

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 22 May 2006

What is CVE-2006-2518?

A cross-site scripting vulnerability exists in phpwcms 1.2.5-DEV, where remote attackers can exploit the BL[be_cnt_plainhtml] parameter to inject arbitrary web scripts or HTML into the application. This weakness can potentially compromise user sessions and allow attackers to execute malicious web content in users' browsers.

References

http://www.securityfocus.com/bid/18063

vdb-entryx_refsource_BID

http://secunia.com/advisories/20239

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/1934

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 22, 2006
Vulnerability Reserved
May 22, 2006

JSON

PHPwcms

What is CVE-2006-2518?

References

Timeline