CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4162

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile21.75th
PublishedAug 16, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.

Affected Platforms (CPE)

πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.1.1
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.2.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.3.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.4.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.5.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.6.0
πŸ“¦
Cpg Nuke

Dragonfly Cms

= 9.0.6.1

References & Advisories

πŸ”— http://securityreason.com/securityalert/1394
πŸ”— http://www.securityfocus.com/archive/1/442885/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/28333
πŸ”— http://securityreason.com/securityalert/1394
πŸ”— http://www.securityfocus.com/archive/1/442885/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/28333

Related Vulnerabilities

CVE-2006-06447.5

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote...

CVE-2006-07277.5

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfl...

CVE-2006-07264.3

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitr...

CVE-2006-10334.3

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web...