CVE-2006-7149

Published: Mar 7, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.

Affected (3)

Products: Mambo: Mambo

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mambo Mambo	Version 4.6.1
Mambo Mambo	Version 4.6 rc1
Mambo Mambo	Version 4.6 rc2

References (10)

http://securityreason.com/securityalert/2379

Source: cve@mitre.org

http://www.kapda.ir/advisory-444.html

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/449305/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/20650

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29708

Source: cve@mitre.org

http://securityreason.com/securityalert/2379

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kapda.ir/advisory-444.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/449305/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20650

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29708

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.