CVE-2006-5530 – Simpnews 2.x - 'index.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-5530

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Vulnerabilidades de cruce de sitios en scripts (XSS) en Boesch SimpNews versiones anteriores a 2.34.01 permiten a atacantes remotos inyectar scripts WEB o HTML mediante parámetros sin especificar en (1) admin/index.php, (2) admin/pwlost.php, y otros filos sin especificar. NOTA. El origen de esta información es desconocido; los detalles se han obtenido a partir de información de terceros. • https://www.exploit-db.com/exploits/28858 https://www.exploit-db.com/exploits/28859 http://secunia.com/advisories/22535 http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php http://www.securityfocus.com/bid/20714 http://www.vupen.com/english/advisories/2006/4162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •