CVE-2006-7149: XSS
First published: Wed Mar 07 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mambo Mambo | =4.6-rc1 | |
| Mambo Mambo | =4.6.1 | |
| Mambo Mambo | =4.6-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/mambo
- canonical/mambo mambo
- version/mambo mambo/4.6-rc1
- version/mambo mambo/4.6.1
- version/mambo mambo/4.6-rc2