Unrated severityNVD Advisory· Published Mar 19, 2006· Updated Apr 16, 2026

CVE-2006-1290

Description

Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.

Affected products

Milkeyway/Milkeyway Captive Portal2 versions
cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:milkeyway:milkeyway_captive_portal:0.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ush.it/team/ascii/hack-milkeway/milkeyway.txtnvdExploit
secunia.com/advisories/19258nvd
securitytracker.com/idnvd
www.osvdb.org/23932nvd
www.osvdb.org/23933nvd
www.securityfocus.com/archive/1/427890/100/0/threadednvd
www.securityfocus.com/bid/17127nvd
www.ush.it/team/ascii/hack-milkeway/advisory.txtnvd
www.vupen.com/english/advisories/2006/0968nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25288nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000