CVE-2006-3009
Published 2006-06-13
Priority: P4 (22), medium
CVSS 2.0: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
EXPLOIT
EPSS: 2.52% (82.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aliacom | open_business_management | — | — |
No detection rules found.
Exploit-DB
Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-06-07
---
source: https://www.securityfocus.com/bid/18348/info
Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning it to the user.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
http://obm-host/list/list_index.php?action=search&tf_name=[XSS]
http://obm-host/list/list_index.php?action=search&tf_name=&tf_contact=[XSS]
Exploit-DB
Open Business Management 1.0.3 pl1 - 'publication_index.php?tf_lang' Cross-Site Scripting
exploitdb·2006-06-07
---
source: https://www.securityfocus.com/bid/18348/info
http://obm-host/publication/publication_index.php?tf_title=&sel_type=_ALL_&tf_year=&tf_lang=[XSS]
Exploit-DB
Open Business Management 1.0.3 pl1 - 'company_index.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-06-07
---
source: https://www.securityfocus.com/bid/18348/info
http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=[XSS]
http://obm-host/company/company_index
Exploit-DB
Open Business Management 1.0.3 pl1 - 'user_index.php?tf_lastname' Cross-Site Scripting
exploitdb·2006-06-07
---
source: https://www.securityfocus.com/bid/18348/info
http://obm-host/user/user_index.php?action=search&tf_login=&tf_lastname=[XSS]
Exploit-DB
Open Business Management 1.0.3 pl1 - 'group_index.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-06-07
---
source: https://www.securityfocus.com/bid/18348/info
http://obm-host/group/group_index.php?action=search&tf_name=[XSS]
http://obm-host/group/group_index.php?action=search&tf_name=&tf_user=[XSS]
No writeups or analysis indexed.
References:
http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html
http://secunia.com/advisories/20486
http://www.osvdb.org/26198
http://www.osvdb.org/26199
http://www.osvdb.org/26200
http://www.osvdb.org/26201
http://www.osvdb.org/26202
http://www.securityfocus.com/bid/18348
https://exchange.xforce.ibmcloud.com/vulnerabilities/27031
Published: 2006-06-13