CVE-2006-6929
Published: 2007-01-13
Priority: P4 · 24 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.13% (79.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ga_soft | rapid_classified | — | — |
No detection rules found.
Exploit-DB
Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21197/info
Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/advsearch.asp?zipr=1&D1=0&D4=1&zipOpt=20&dosearch=[xss]
Exploit-DB
Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21197/info
http://www.example.com/view_print.asp?id=[xss]
Exploit-DB
Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21197/info
http://www.example.com/reply.asp?id=50120815480100001&name=[xss]
Exploit-DB
Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21197/info
http://www.example.com/search.asp?categoryName=1&SH1=[xss]
No writeups or analysis indexed.
http://s-a-p.ca/index.php?page=OurAdvisories&id=44
http://secunia.com/advisories/22985
http://securityreason.com/securityalert/2142
http://www.securityfocus.com/archive/1/452088/100/0/threaded
http://www.securityfocus.com/bid/21197
http://www.vupen.com/english/advisories/2006/4632
https://exchange.xforce.ibmcloud.com/vulnerabilities/30450