CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-4162

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile21.75th
Published2006年8月16日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.

Affected Platforms (CPE)

📦
Cpg Nuke

Dragonfly Cms

= 9.0.1.1
📦
Cpg Nuke

Dragonfly Cms

= 9.0.2.0
📦
Cpg Nuke

Dragonfly Cms

= 9.0.3.0
📦
Cpg Nuke

Dragonfly Cms

= 9.0.4.0
📦
Cpg Nuke

Dragonfly Cms

= 9.0.5.0
📦
Cpg Nuke

Dragonfly Cms

= 9.0.6.0
📦
Cpg Nuke

Dragonfly Cms

= 9.0.6.1

References & Advisories

🔗 http://securityreason.com/securityalert/1394
🔗 http://www.securityfocus.com/archive/1/442885/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28333
🔗 http://securityreason.com/securityalert/1394
🔗 http://www.securityfocus.com/archive/1/442885/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28333

相关漏洞威胁

CVE-2006-06447.5

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote...

CVE-2006-07277.5

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfl...

CVE-2006-07264.3

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitr...

CVE-2006-10334.3

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web...