CVE-2006-6871 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-6871

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the your Friend field in friend.php, or (4) the Main Text field in admin.php.

Affected Software

Name	Vendor	Start Version	End Version
Endonesia	Endonesia	8.4 (including)	8.4 (including)

References

http://secunia.com/advisories/23502
http://www.securityfocus.com/bid/21333
http://www.vupen.com/english/advisories/2006/5187
https://exchange.xforce.ibmcloud.com/vulnerabilities/31116
https://www.exploit-db.com/exploits/3004