Unrated severityNVD Advisory· Published Apr 6, 2006· Updated Apr 16, 2026

CVE-2006-1645

Description

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Affected products

Reloadcms/Reloadcms7 versions
cpe:2.3:a:reloadcms:reloadcms:1.2.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:reloadcms:reloadcms:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.0_p1:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:reloadcms:reloadcms:1.2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/17353nvdExploit
secunia.com/advisories/19470nvdVendor Advisory
www.osvdb.org/24327nvd
www.securityfocus.com/archive/1/429666/100/0/threadednvd
www.vupen.com/english/advisories/2006/1193nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25604nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000