CVE-2006-5810
published 2006-11-08CVE-2006-5810: Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP422medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.56%
72.1th percentile
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xoops | xoops | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
XOOPS 1.0 newdownloadshowdays cross site scripting (BID-20927)
vuldb·2026-04-27·CVSS 6.8
CVE-2006-5810 [MEDIUM] XOOPS 1.0 newdownloadshowdays cross site scripting (BID-20927)
A vulnerability marked as problematic has been reported in XOOPS 1.0. This issue affects some unknown processing. The manipulation of the argument newdownloadshowdays leads to basic cross site scripting.
This vulnerability is documented as CVE-2006-5810. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-frqw-278q-cq9j: Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist
ghsa_unreviewed·2022-05-01
CVE-2006-5810 [MEDIUM] GHSA-frqw-278q-cq9j: Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
No detection rules found.
No writeups or analysis indexed.
2006-11-08
Published