Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-03-06 20:06
Updated : 2024-02-04 16:52
NVD link : CVE-2006-1008
Mitre link : CVE-2006-1008
CVE.ORG link : CVE-2006-1008
JSON object : View
Products Affected
nathan_landry
- n8cms_sitesuite_cms
CWE