Unrated severityNVD Advisory· Published Aug 29, 2006· Updated Jun 16, 2026

CVE-2006-4442

Description

Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Clemens Wacha/PHP Iaddressbook6 versions
cpe:2.3:a:clemens_wacha:php_iaddressbook:0.9:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.91a:*:*:*:*:*:*:*
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:clemens_wacha:php_iaddressbook:0.94:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

secunia.com/advisories/21611nvdPatchVendor Advisory
www.securityfocus.com/bid/19698nvdPatch
wacha.ch/wiki/addressbook:changelognvd
www.osvdb.org/28174nvd
www.vupen.com/english/advisories/2006/3371nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000