Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3617

EPSS 0.43% · P63
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3617

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pixelated By Lev (PBL) Guestbook 跨站脚本攻击(XSS) 漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pixelated By Lev (PBL) Guestbook 1.32及之前版本中的 pblguestbook.php存在跨站脚本攻击(XSS) 漏洞。远程攻击者可以借助(1) name, (2) message (又称comments), (3) website, 以及 (4) email参数,绕过检查 SCRIPT标签而非其它标签的XSS保护机制,从而注入任意Web脚本或HTML ,比如iframe标签中的onMouseOver 属性和src属性中的javascript URI 。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3617

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3617

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-07-14 · 36 CVEs total

CVE-2006-3598PHP-Nuke的Sections模块 SQL注入漏洞
CVE-2006-3618Pixelated By Lev (PBL) Guestbook 'pblguestbook.php'SQL注入漏洞
CVE-2006-3591Microsoft Internet Explorer TriEditDocument拒绝服务漏洞
CVE-2006-3592Cisco Unified CallManager命令输出重定向漏洞
CVE-2006-3593Cisco Unified CallManager多个远程安全漏洞
CVE-2006-3594Cisco Unified CallManager SIP请求缓冲区溢出漏洞
CVE-2006-3595Cisco Router Web Setup (CRWS)访问认证绕过漏洞
CVE-2006-3596Cisco入侵保护系统畸形报文拒绝服务漏洞
CVE-2006-3597Ubuntu passwd 内存密码清零漏洞
CVE-2006-3616Lazarus Guestbook多个跨站脚本攻击漏洞
CVE-2006-3599PHP-Nuke的Nuke Advanced Classifieds模块SQL注入漏洞
CVE-2006-3600Libtunepimp多个远程缓冲区溢出漏洞
CVE-2006-3601DotNetNuke (.net nuke)未明DNN Modules 模块未明攻击漏洞
CVE-2006-3602Farsinews 'Tiny_mce_gzip.PHP'目录遍历漏洞
CVE-2006-3603FlexWATCH Network Camera 'index.php'跨站脚本攻击漏洞
CVE-2006-3604FlexWatch 'AIndex.ASP' 目录遍历漏洞
CVE-2006-3605Microsoft IE ActiveX对象Transition属性拒绝服务漏洞
CVE-2006-3590Microsoft Powerpoint远程执行任意代码漏洞(MS06-048)
CVE-2006-3608FlatNuke 'Index.php'远程文件包含漏洞
CVE-2006-3621Koobi Pro showtopic模块多个输入验证漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3617

No comments yet

Leave a comment