CVE-2006-5451
https://notcve.org/view.php?id=CVE-2006-5451
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
• http://secunia.com/advisories/22384
• http://www.securityfocus.com/archive/1/448619/100/100/threaded
• http://www.securityfocus.com/archive/1/448947/100/0/threaded
• http://www.securityfocus.com/archive/1/448948/100/0/threaded
• http://www.securityfocus.com/archive/1/448952/100/0/threaded
• http://www.securityfocus.com/bid/20534
• http://www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion
• http://www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-inse
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5227
https://notcve.org/view.php?id=CVE-2006-5227
Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.
• http://secunia.com/advisories/22293
• http://securityreason.com/securityalert/1706
• http://securitytracker.com/id?1017007
• http://www.securityfocus.com/archive/1/447836/100/0/threaded
• http://www.securityfocus.com/bid/20371
• http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29374