CVE-2006-0220
published 2006-01-16CVE-2006-0220: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the…
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.09%
61.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
| codeworx_technologies | dcp-portal | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9jcq-wqvg-vp8r: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2006-1120 [MEDIUM] GHSA-9jcq-wqvg-vp8r: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q
GHSA
GHSA-88h7-xm9m-w3q6: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-0220 [HIGH] GHSA-88h7-xm9m-w3q6: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/421914/100/0/threadedhttp://www.securityfocus.com/bid/16232https://exchange.xforce.ibmcloud.com/vulnerabilities/24153http://www.securityfocus.com/archive/1/421914/100/0/threadedhttp://www.securityfocus.com/bid/16232https://exchange.xforce.ibmcloud.com/vulnerabilities/24153
2006-01-16
Published