Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1786

6 documents4 sources
Severity
2.6LOW
EPSS
4.2%
top 11.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Document Server
Timeline
PublishedApr 13
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-72h3-gq4h-hx2w: Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 62022-05-01
CVEList
CVE-2006-1786: Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 62006-04-13

💥Exploits & PoCs

3
Exploit-DB
freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow2006-05-15
Exploit-DB
Adobe Document Server 6.0 Extensions - 'AlterCast?op' Cross-Site Scripting2006-04-13
Exploit-DB
Adobe Document Server 6.0 Extensions - 'ads-readerext?actionID' Cross-Site Scripting2006-04-13
CVE-2006-1786 (LOW CVSS 2.6) | Cross-site scripting (XSS) vulnerab | cvebase.io