CVE Vulnerabilities

CVE-2006-1645

Published: Apr 06, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Affected Software

Name Vendor Start Version End Version
Reloadcms Reloadcms 1.2.0 1.2.0
Reloadcms Reloadcms 1.2.1 1.2.1
Reloadcms Reloadcms 1.2.5 1.2.5
Reloadcms Reloadcms 1.2.3 1.2.3
Reloadcms Reloadcms 1.2.4 1.2.4
Reloadcms Reloadcms 1.2.0_p1 1.2.0_p1
Reloadcms Reloadcms 1.2.2 1.2.2

References