CVE-2006-1120 - 漏洞详情

CVE-2006-1120 (CNNVD-200603-171)

LOW 有利用代码

中文标题:

DCP-Portal门户网站多个跨站脚本攻击漏洞

英文标题:

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_g...

CVSS分数: 2.6

发布时间: 2006-03-09 21:00:00

漏洞类型: 跨站脚本

状态: PUBLISHED

数据质量分数: 0.40

数据版本: v9

漏洞描述

中文描述:

DCP-Portal 6.1.1及其早期版本中存在多个跨站脚本攻击(XSS)漏洞，当register_globals有效时，远程攻击者可以通过以下途径注入任意Web脚本或 HTML：(1)在文件页中的 its_url参数和(2)在(a)index.php的send_write页中的url参数；(3)主题，和(4)在(b)calendar.php中的图像参数；(5)出价，(6)replying_msg，(7)主题，(8)正文，和(9)在(c)forums.php中的mid参数；(10)主题和(11)在(d)inbox.php中的短信参数；(12)subject_color和(13)在(e)lostpassword.php中的邮件参数；和(14)c_name，(15)content_inicial，和(16)在(f) mycontents.php中的cid参数。注：calendar.php/day向量已并入CVE-2006-0220中，和calendar.php/month，calendar.php/year，和calendar.php的search.php/q 参数已并入CVE-2004-2511中。

英文描述:

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.

CWE类型:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
codeworx_technologies	dcp-portal	3.7	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:::::::*`
codeworx_technologies	dcp-portal	4.0	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:::::::*`
codeworx_technologies	dcp-portal	4.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:::::::*`
codeworx_technologies	dcp-portal	4.2	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:::::::*`
codeworx_technologies	dcp-portal	4.5.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:::::::*`
codeworx_technologies	dcp-portal	5.0.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:::::::*`
codeworx_technologies	dcp-portal	5.0.2	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:::::::*`
codeworx_technologies	dcp-portal	5.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:::::::*`
codeworx_technologies	dcp-portal	5.2	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:::::::*`
codeworx_technologies	dcp-portal	5.3	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:::::::*`
codeworx_technologies	dcp-portal	5.3.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:::::::*`
codeworx_technologies	dcp-portal	5.3.2	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.2:::::::*`
codeworx_technologies	dcp-portal	6.1.1	-	-	`cpe:2.3:a:codeworx_technologies:dcp-portal:6.1.1:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

dcpportal-multiple-scripts-xss(25279) vdb-entry
cve.org

访问

23979 vdb-entry
cve.org

访问

23981 vdb-entry
cve.org

访问

20060309 DCP Portal: Multiple XSS Vulnerabilities mailing-list
cve.org

访问

23980 vdb-entry
cve.org

访问

17050 vdb-entry
cve.org

访问

392 third-party-advisory
cve.org

访问

23978 vdb-entry
cve.org

访问

23976 vdb-entry
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

23977 vdb-entry
cve.org

访问

ExploitDB EDB-27390 EXPLOIT
exploitdb

访问

Download Exploit EDB-27390 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2006-1120 ADVISORY
cve.org

访问

ExploitDB EDB-27391 EXPLOIT
exploitdb

访问

Download Exploit EDB-27391 EXPLOIT
exploitdb

访问

ExploitDB EDB-27392 EXPLOIT
exploitdb

访问

Download Exploit EDB-27392 EXPLOIT
exploitdb

访问

ExploitDB EDB-27393 EXPLOIT
exploitdb

访问

Download Exploit EDB-27393 EXPLOIT
exploitdb

访问

ExploitDB EDB-27394 EXPLOIT
exploitdb

访问

Download Exploit EDB-27394 EXPLOIT
exploitdb

访问

ExploitDB EDB-27395 EXPLOIT
exploitdb

访问

Download Exploit EDB-27395 EXPLOIT
exploitdb

访问

CVSS评分详情

2.6

LOW

CVSS向量: AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS版本: 2.0

机密性

NONE

完整性

PARTIAL

可用性

NONE

时间信息

发布时间:

2006-03-09 21:00:00

修改时间:

2024-08-07 16:56:15

创建时间:

2025-11-11 15:32:32

更新时间:

2026-01-19 09:42:10

利用信息

此漏洞有可利用代码！

利用代码数量: 6

利用来源:

未知未知未知未知未知未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2006-1120`	2025-11-11 15:17:40	2025-11-11 07:32:32
NVD	`nvd_CVE-2006-1120`	2025-11-11 14:51:48	2025-11-11 07:41:18
CNNVD	`cnnvd_CNNVD-200603-171`	2025-11-11 15:08:50	2025-11-11 07:49:05
EXPLOITDB	`exploitdb_EDB-27390`	2025-11-11 15:05:33	2025-11-11 08:23:33
EXPLOITDB	`exploitdb_EDB-27391`	2025-11-11 15:05:33	2025-11-11 08:23:33
EXPLOITDB	`exploitdb_EDB-27392`	2025-11-11 15:05:33	2025-11-11 08:23:33
EXPLOITDB	`exploitdb_EDB-27393`	2025-11-11 15:05:33	2025-11-11 08:23:33
EXPLOITDB	`exploitdb_EDB-27394`	2025-11-11 15:05:33	2025-11-11 08:23:33
EXPLOITDB	`exploitdb_EDB-27395`	2025-11-11 15:05:33	2025-11-11 08:23:33

版本与语言

当前版本: v9

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v9 EXPLOITDB

2025-11-11 16:23:33

references_count: 22 → 24; tags_count: 8 → 9

查看详细变更

references_count: 22 -> 24
tags_count: 8 -> 9

v8 EXPLOITDB

2025-11-11 16:23:33

references_count: 20 → 22; tags_count: 7 → 8

查看详细变更

references_count: 20 -> 22
tags_count: 7 -> 8

v7 EXPLOITDB

2025-11-11 16:23:33

references_count: 18 → 20; tags_count: 6 → 7

查看详细变更

references_count: 18 -> 20
tags_count: 6 -> 7

v6 EXPLOITDB

2025-11-11 16:23:33

references_count: 16 → 18; tags_count: 5 → 6

查看详细变更

references_count: 16 -> 18
tags_count: 5 -> 6

v5 EXPLOITDB

2025-11-11 16:23:33

references_count: 14 → 16; tags_count: 4 → 5

查看详细变更

references_count: 14 -> 16
tags_count: 4 -> 5

v4 EXPLOITDB

2025-11-11 16:23:33

references_count: 11 → 14; tags_count: 0 → 4; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 11 -> 14
tags_count: 0 -> 4
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:49:05

vulnerability_type: 未提取 → 跨站脚本; cnnvd_id: 未提取 → CNNVD-200603-171; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 跨站脚本
cnnvd_id: 未提取 -> CNNVD-200603-171
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:18

severity: SeverityLevel.MEDIUM → SeverityLevel.LOW; cvss_score: 未提取 → 2.6; cvss_vector: NOT_EXTRACTED → AV:N/AC:H/Au:N/C:N/I:P/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 13; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
cvss_score: 未提取 -> 2.6
cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 13
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2006-1120 (CNNVD-200603-171)

中文标题:

DCP-Portal门户网站多个跨站脚本攻击漏洞

英文标题:

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_g...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史