CVE-2006-2951

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27123

http://www.vupen.com/english/advisories/2006/2233

http://www.securityfocus.com/bid/18383

http://www.securityfocus.com/archive/1/436442/100/0/threaded

http://www.osvdb.org/26296

http://www.osvdb.org/26295

http://www.osvdb.org/26294

http://www.osvdb.org/26293

http://www.osvdb.org/26292

http://securityreason.com/securityalert/1076

Details

Source: Mitre, NVD

Published: 2006-06-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.04076