CVE-2006-5830
published 2006-11-10

Priority: P4 26
CVSS 2.0: 6.8 (medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.38% (81.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.

Affected

18 ranges
Vendor | Product | Version range | Fixed in
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
aiocp | aiocp | |
nicola_asuni | all_in_one_control_panel | <= 1.3.009 |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |
nicola_asuni | all_in_one_control_panel | |