CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.

Referenced by CVEs: CVE-2006-5451
Score6.8
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 05:07:00.000-04
Last Modified2018-10-17 05:41:46.000-04

Vulnerable Software List

VendorProductVersions
Torrentflux Torrentflux 2.1

References

SourceLink
SREASON1706
SECTRACK1017007
BUGTRAQ20061006 TorrentFlux User-Agent XSS Vulnerability
BID20371
MISChttp://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/
XFtorrentflux-admin-xss(29374)