CVE-2006-2564
published 2006-05-24CVE-2006-2564: Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1)…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.30%
66.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alstrasoft | e-friends | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2hmm-6xx6-32fx: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-4080 [MEDIUM] GHSA-2hmm-6xx6-32fx: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
GHSA
GHSA-ggwf-3hfh-gfhr: Multiple cross-site scripting (XSS) vulnerabilities in index
ghsa_unreviewed·2022-05-01
CVE-2006-2564 [MEDIUM] GHSA-ggwf-3hfh-gfhr: Multiple cross-site scripting (XSS) vulnerabilities in index
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/20229http://securityreason.com/securityalert/954http://www.securityfocus.com/archive/1/434846/100/0/threadedhttp://www.securityfocus.com/bid/18079http://www.vupen.com/english/advisories/2006/1944https://exchange.xforce.ibmcloud.com/vulnerabilities/26650http://secunia.com/advisories/20229http://securityreason.com/securityalert/954http://www.securityfocus.com/archive/1/434846/100/0/threadedhttp://www.securityfocus.com/bid/18079http://www.vupen.com/english/advisories/2006/1944https://exchange.xforce.ibmcloud.com/vulnerabilities/26650
2006-05-24
Published