Cross-Site Scripting Vulnerabilities in eNdonesia by Tulis Software
CVE-2006-6871

Currently unrated

Key Information:

Vendor

Endonesia

Status
Endonesia
Vendor
CVE Published:
31 December 2006

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2006-6871?

Multiple vulnerabilities in eNdonesia 8.4 enable remote attackers to inject arbitrary web scripts or HTML. These weaknesses are found in various parameters within key modules, including 'mod.php' and 'friend.php', allowing for potential exploitation via the 'mod' and 'intypeid' parameters, as well as user input fields like 'your Friend' and 'Main Text'. Attackers can leverage these vulnerabilities to launch XSS attacks, compromising user interactions and potentially leading to further system breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31116
vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2006/5187
vdb-entryx_refsource_VUPEN
https://www.exploit-db.com/exploits/3004
exploitx_refsource_EXPLOIT-DB

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.