Unrated severityNVD Advisory· Published Jun 1, 2006· Updated Apr 16, 2026

CVE-2006-2746

Description

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

Affected products

Facile Interactive Web/Facile Interactive Web2 versions
cpe:2.3:a:facile_interactive_web:facile_interactive_web:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:facile_interactive_web:facile_interactive_web:*:*:*:*:*:*:*:*range: <=0.8.5
- cpe:2.3:a:facile_interactive_web:facile_interactive_web:0.8.41:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20358nvdExploitVendor Advisory
www.nukedx.comnvdExploit
www.nukedx.comnvdExploitVendor Advisory
www.securityfocus.com/bid/18151nvdExploit
securityreason.com/securityalert/1010nvd
www.osvdb.org/26104nvd
www.osvdb.org/26105nvd
www.securityfocus.com/archive/1/435283/100/0/threadednvd
www.vupen.com/english/advisories/2006/2036nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000