VYPR
Unrated severityNVD Advisory· Published Jul 12, 2006· Updated Jun 16, 2026

CVE-2006-3533

CVE-2006-3533

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pivot/Pivot2 versions
    cpe:2.3:a:pivot:pivot:1.30_rc2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pivot:pivot:1.30_rc2:*:*:*:*:*:*:*
    • (no CPE)range: <=1.30 RC2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.