CVE-2006-4162 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-4162

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.

Affected Software

Name	Vendor	Start Version	End Version
Dragonfly_cms	Cpg-nuke	9.0.1.1 (including)	9.0.1.1 (including)
Dragonfly_cms	Cpg-nuke	9.0.2.0 (including)	9.0.2.0 (including)
Dragonfly_cms	Cpg-nuke	9.0.3.0 (including)	9.0.3.0 (including)
Dragonfly_cms	Cpg-nuke	9.0.4.0 (including)	9.0.4.0 (including)
Dragonfly_cms	Cpg-nuke	9.0.5.0 (including)	9.0.5.0 (including)
Dragonfly_cms	Cpg-nuke	9.0.6.0 (including)	9.0.6.0 (including)
Dragonfly_cms	Cpg-nuke	9.0.6.1 (including)	9.0.6.1 (including)

References

http://securityreason.com/securityalert/1394
http://www.securityfocus.com/archive/1/442885/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28333