CyberSec.Space Logo
Back to CVE Browser

CVE-2006-1033

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile32.14th
PublishedMar 7, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.

Affected Platforms (CPE)

πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.1.1
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.2.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.3.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.4.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.5.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.6.0

References & Advisories

πŸ”— http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html
πŸ”— http://secunia.com/advisories/18940
πŸ”— http://securitytracker.com/id?1015661
πŸ”— http://www.securityfocus.com/bid/16784
πŸ”— http://www.vupen.com/english/advisories/2006/0688
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/24843
πŸ”— http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html
πŸ”— http://secunia.com/advisories/18940

Related Vulnerabilities

CVE-2006-06447.5

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote...

CVE-2006-07277.5

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfl...

CVE-2006-41626.8

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web scri...

CVE-2006-07264.3

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitr...