CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1082

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/19124
http://securityreason.com/securityalert/533
http://www.securityfocus.com/archive/1/426755/100/0/threaded
http://www.securityfocus.com/bid/16957
http://www.vupen.com/english/advisories/2006/0821
http://secunia.com/advisories/19124
http://securityreason.com/securityalert/533
http://www.securityfocus.com/archive/1/426755/100/0/threaded
http://www.securityfocus.com/bid/16957
http://www.vupen.com/english/advisories/2006/0821

Products affected by CVE-2006-1082

Phparcadescript » Phparcadescript » Version: 2.0

cpe:2.3:a:phparcadescript:phparcadescript:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1082

Products

Pricing

Contact Us