Unrated severityNVD Advisory· Published Jul 12, 2006· Updated Apr 16, 2026

CVE-2006-3533

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.

Affected products

Pivot/Pivot
cpe:2.3:a:pivot:pivot:1.30_rc2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/pivot_130RC2_xpl.htmlnvdExploit
www.securityfocus.com/bid/18881nvdExploit
secunia.com/advisories/20962nvdVendor Advisory
securityreason.com/securityalert/1214nvd
www.osvdb.org/27127nvd
www.osvdb.org/27128nvd
www.osvdb.org/27129nvd
www.securityfocus.com/archive/1/439495/100/0/threadednvd
www.vupen.com/english/advisories/2006/2744nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27672nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000