CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-5626

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.093

EPSS Ranking 92.4%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/22629
http://securityreason.com/securityalert/1802
http://www.securityfocus.com/archive/1/449894/100/0/threaded
http://www.securityfocus.com/bid/20821
http://www.vigilon.com/advisories/vg-phpfaber-24-10-2006.txt
http://www.vigilon.com/resources/102506c.html
http://www.vupen.com/english/advisories/2006/4260
http://secunia.com/advisories/22629
http://securityreason.com/securityalert/1802
http://www.securityfocus.com/archive/1/449894/100/0/threaded
http://www.securityfocus.com/bid/20821
http://www.vigilon.com/advisories/vg-phpfaber-24-10-2006.txt
http://www.vigilon.com/resources/102506c.html
http://www.vupen.com/english/advisories/2006/4260

Products affected by CVE-2006-5626

Phpfaber » Phpfaber Content Management System » Version: Any

cpe:2.3:a:phpfaber:phpfaber_content_management_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5626

Products

Pricing

Contact Us