CVE-2006-0923

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24887

http://www.vupen.com/english/advisories/2006/0750

http://www.securityfocus.com/bid/16815

http://www.securityfocus.com/archive/1/425983/100/0/threaded

http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0

http://securityreason.com/securityalert/491

http://secunia.com/advisories/19052

Details

Source: Mitre, NVD

Published: 2006-02-28

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N