CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-7004

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile26.15th
Published2007年2月12日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

📦
Php Script Tools

Psy Auction

All versions

References & Advisories

🔗 http://www.osvdb.org/36360
🔗 http://www.securityfocus.com/bid/17974
🔗 http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt
🔗 http://www.osvdb.org/36360
🔗 http://www.securityfocus.com/bid/17974
🔗 http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt

相关漏洞威胁

CVE-2006-70057.5

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parame...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...