CVE-2006-1645

Medium

Description

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25604

http://www.vupen.com/english/advisories/2006/1193

http://www.securityfocus.com/archive/1/429666/100/0/threaded

http://www.osvdb.org/24327

http://secunia.com/advisories/19470

Details

Source: Mitre, NVD

Published: 2006-04-06

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00725