CVE-2006-4874
Published: 2006-09-19
Priority P4 · 22 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.39% (87.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2], (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.
No detection rules found.
Exploit-DB
Jupiter CMS 1.1.4/1.1.5 - '/modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-15
---
source: https://www.securityfocus.com/bid/20048/info
Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.
http://www.example.com/modules/mass-email.php?language[Mass-Email%20form%20title]=alert(d
Exploit-DB
Jupiter CMS 1.1.4/1.1.5 - '/modules/register.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-15
---
source: https://www.securityfocus.com/bid/20048/info
Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.
http://www.example.com/modules/register.php?is_guest=1&language[Register%20title]=alert(doc
Exploit-DB
Jupiter CMS 1.1.4/1.1.5 - '/modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-15
---
source: https://www.securityfocus.com/bid/20048/info
Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.
http://www.example.com/modules/blocks.php?is_webmaster=2&language[Admin%20name]=alert(documen
Exploit-DB
Jupiter CMS 1.1.4/1.1.5 - '/modules/search.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-09-15
---
source: https://www.securityfocus.com/bid/20048/info
Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.
http://www.example.com/modules/search.php?language[Search%20view%20desc]=alert(document.cooki
No writeups or analysis indexed.