CVE-2006-6451
Published 2006-12-10
Priority P4 · 24 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 2.27% (80.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| swsoft | plesk | <= 8.0.1 | — |
| swsoft | plesk | — | — |
| swsoft | plesk | — | — |
| swsoft | plesk | — | — |
GHSA
GHSA-g6h8-g3g9-q69c
ghsa_unreviewed·2022-05-01
CVE-2006-6451 [MEDIUM] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
GHSA
GHSA-cgvr-863q-564c
ghsa_unreviewed·2022-04-29·CVSS 6.8
CVE-2004-2702 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
No detection rules found.
Exploit-DB
Plesk 7.5/8.0 - 'login_up.php3' Cross-Site Scripting
exploitdb·2006-11-14
CVE-2006-6451
---
source: https://www.securityfocus.com/bid/21067/info
Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Plesk 8.0.1 and prior versions are vulnerable.
http://www.example.com:8443/login_up.php3/>">alert(15031988)
Exploit-DB
Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting
exploitdb·2006-11-14
CVE-2006-6451
---
source: https://www.securityfocus.com/bid/21067/info
Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Plesk 8.0.1 and prior versions are vulnerable.
http://www.example.com:8443/get_password.php/>">alert(15031988)
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=116370467532206&w=2
http://securitytracker.com/id?1017236
http://www.majorsecurity.de/index_2.php?major_rls=major_rls34
http://www.securityfocus.com/bid/21067
https://exchange.xforce.ibmcloud.com/vulnerabilities/30320