Intrusion Prevention

SixCMS.List.PHP.XSS

Description

A Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.

Affected Products

SixCMS 6.0, and other versions before 6.0.6patch2.

Impact

Cross Site Scripting.

Recommended Actions

The vulnerability has reportedly been fixed in version 6.0.6 patch2, which can be downloaded from the support site.

CVE References

CVE-2006-3051