First published: Mon Oct 23 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TorrentFlux | =2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-5451 is considered to have moderate severity due to its potential for cross-site scripting attacks.
To fix CVE-2006-5451, upgrade to a patched version of TorrentFlux that addresses the XSS vulnerabilities.
CVE-2006-5451 describes multiple cross-site scripting (XSS) vulnerabilities affecting TorrentFlux 2.1.
CVE-2006-5451 affects the admin.php file, specifically the variables action, file, and users array.
Yes, CVE-2006-5451 can be exploited by remote attackers to inject arbitrary web scripts or HTML.