Vulnerability CVE-2006-2063
Published: 2006-04-26   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Leadhound network -> Leadhound full 
Leadhound network -> Leadhound lite 

 References:
http://www.osvdb.org/25060
http://www.osvdb.org/25059
http://www.osvdb.org/25058
http://www.osvdb.org/25057
http://www.osvdb.org/25056
http://www.osvdb.org/25055
http://www.osvdb.org/25054
http://www.osvdb.org/25053
http://www.osvdb.org/25052
http://www.osvdb.org/25051
http://www.osvdb.org/25050
http://www.osvdb.org/25049
http://www.osvdb.org/25048
http://www.osvdb.org/25047
http://www.osvdb.org/25046
http://www.osvdb.org/25045
http://www.osvdb.org/25044
http://www.osvdb.org/25043
http://www.osvdb.org/25042
http://www.osvdb.org/25041
http://www.osvdb.org/25039
http://www.osvdb.org/25038
http://www.osvdb.org/25037
http://www.osvdb.org/25036
http://www.osvdb.org/25035
http://www.osvdb.org/25034
http://www.osvdb.org/25033
http://www.osvdb.org/25032
http://www.osvdb.org/25031
http://www.osvdb.org/25030
http://secunia.com/advisories/19867
http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
Copyright 2024, cxsecurity.com

 

Back to Top