Cross-Site Scripting Vulnerabilities in Phoenix Evolution CMS by Unknown Vendor
CVE-2006-5090

Currently unrated

Key Information:

Vendor: Phoenix Evolution
Status: Phoenix Evolution Cms
Vendor: CVE Published:; 29 September 2006

🔔 Create Phoenix Evolution Vulnerability Alert

What is CVE-2006-5090?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Phoenix Evolution CMS (PECMS), enabling remote attackers to inject arbitrary scripts or HTML code. These vulnerabilities can be exploited via parameters such as 'mod' or 'action' in the index.php file, as well as through the 'pageid' parameter in the modules/pageedit/index.php file. If unaddressed, these flaws can lead to unauthorized actions and exposure of sensitive user information.

References

http://osvdb.org/33676

vdb-entryx_refsource_OSVDB

http://osvdb.org/33677

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/20212

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2006
Vulnerability Reserved
Sep 29, 2006

CVE-2006-5090 Data

JSON