Vulnerability in Jetbox Jetbox_cms
CVE-2006-3585
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" pag…
EPSS: 0.016 (72.5th percentile) — read the EPSS interpretation.
Affected products
- Jetbox Jetbox_cms — versions 2.1_sr1
- N/a — versions n/a
References
- PSIRT-CNA@flexerasoftware.com (x_refsource_OSVDB, vdb-entry)
- PSIRT-CNA@flexerasoftware.com (x_refsource_OSVDB, vdb-entry)
- PSIRT-CNA@flexerasoftware.com (vdb-entry, x_refsource_BID)
- PSIRT-CNA@flexerasoftware.com (x_refsource_OSVDB, vdb-entry)
- PSIRT-CNA@flexerasoftware.com (mailing-list, x_refsource_BUGTRAQ)
- PSIRT-CNA@flexerasoftware.com (x_refsource_SREASON, third-party-advisory)
- PSIRT-CNA@flexerasoftware.com (x_refsource_MISC, Vendor Advisory)
- PSIRT-CNA@flexerasoftware.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- PSIRT-CNA@flexerasoftware.com (vdb-entry, x_refsource_XF)