CVE-2006-0518
published 2006-02-02CVE-2006-0518: Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.82%
88.7th percentile
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spip | < spip 2.0.6-1 (bullseye) | spip 2.0.6-1 (bullseye) |
| spip | spip | <= 1.8.2e | — |
| spip | spip | <= 1.9_alpha2_5539 | — |
| spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1 |
| spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1 |
| spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2006-0518: spip - Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earli...
vendor_debian·2006·CVSS 4.3
CVE-2006-0518 [MEDIUM] CVE-2006-0518: spip - Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earli...
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Scope: local
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie: resolved (fixed in 2.0.6-1)
GHSA
GHSA-4hxq-fhr5-rx6m: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2006-0518 [MEDIUM] GHSA-4hxq-fhr5-rx6m: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
OSV
CVE-2006-0518: Cross-site scripting (XSS) vulnerability in index
osv·2006-02-02·CVSS 4.3
CVE-2006-0518 [MEDIUM] CVE-2006-0518: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/18676http://www.osvdb.org/22849http://www.securityfocus.com/bid/16461http://www.vupen.com/english/advisories/2006/0398http://www.zone-h.org/en/advisories/read/id=8650/https://exchange.xforce.ibmcloud.com/vulnerabilities/24401http://secunia.com/advisories/18676http://www.osvdb.org/22849http://www.securityfocus.com/bid/16461http://www.vupen.com/english/advisories/2006/0398http://www.zone-h.org/en/advisories/read/id=8650/https://exchange.xforce.ibmcloud.com/vulnerabilities/24401
2006-02-02
Published