Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2006-3539

Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.2%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2006-3539


Products
Pricing
Contact Us

Shodan ® - All rights reserved