CVE-2006-0524 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Affected Software

Name	Vendor	Start Version	End Version
Ashnews	Ashwebstudio	0.83 (including)	0.83 (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0955.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
http://secunia.com/advisories/9331
http://www.osvdb.org/22934
http://www.securityfocus.com/bid/16426
https://exchange.xforce.ibmcloud.com/vulnerabilities/24365
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0955.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
http://secunia.com/advisories/9331
http://www.osvdb.org/22934
http://www.securityfocus.com/bid/16426
https://exchange.xforce.ibmcloud.com/vulnerabilities/24365

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0524
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html