CVE-2006-1106

Published: Mar 9, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Affected (2)

Products: Pixelpost: Pixelpost

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pixelpost Pixelpost	Version 1.4.3
Pixelpost Pixelpost	Version 1.5_beta1

References (12)

http://forum.pixelpost.org/showthread.php?t=3535

Source: cve@mitre.org

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/426764/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/16964

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0823

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/25047

Source: cve@mitre.org

http://forum.pixelpost.org/showthread.php?t=3535

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/426764/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16964

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/0823

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/25047

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.