CVE-2006-3385
Description
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) vulnerability in divers.php of Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary HTML or script via the id and disabled parameters.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in divers.php of Vincent Leclercq News version 5.2. The id and disabled parameters are not properly sanitized before being reflected back to the user, allowing injection of arbitrary web script or HTML [1].
Exploitation
An attacker can exploit this by crafting a URL containing malicious code in either the id or disabled parameter and convincing a victim to click on it. No authentication is required; the attacker only needs to get the victim to visit the crafted link while using a vulnerable version of the application.
Impact
Successful exploitation leads to arbitrary script execution in the victim's browser within the context of the affected website. This can result in session hijacking, defacement, or theft of sensitive information.
Mitigation
The available references do not identify a patch or fixed version. Users should consider upgrading to a newer version of Vincent Leclercq News if one is available, or implement input validation and output encoding for the vulnerable parameters as a workaround [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:vincent_leclercq:news:5.2:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/18775 (nvd, Exploit)
- secunia.com/advisories/20936 (nvd, Vendor Advisory)
- www.acid-root.new.fr/advisories/news52.txt (nvd, Vendor Advisory)
- www.securityfocus.com/archive/1/438859/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2006/2642 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/27505 (nvd)