Unrated severityNVD Advisory· Published Feb 13, 2006· Updated Apr 16, 2026
CVE-2006-0650
CVE-2006-0650
Description
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
Affected products
10cpe:2.3:a:cpaint:cpaint:1.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:cpaint:cpaint:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:1.3_sp:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:1.3_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cpaint:cpaint:pre1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- cpaint.booleansystems.com/forums/viewtopic.phpnvdExploit
- secunia.com/advisories/18765nvdExploitPatchVendor Advisory
- www.gulftech.orgnvdExploitPatchVendor Advisory
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/424663/100/0/threadednvd
- www.securityfocus.com/bid/16559nvd
- www.vupen.com/english/advisories/2006/0487nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24594nvd
News mentions
0No linked articles in our index yet.