Unrated severityNVD Advisory· Published Sep 23, 2006· Updated Apr 16, 2026

CVE-2006-4964

Description

Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.

Affected products

Maxdev/Mdpro4 versions
cpe:2.3:a:maxdev:md-pro:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:maxdev:md-pro:*:*:*:*:*:*:*:*range: <=1.0.76
- cpe:2.3:a:maxdev:md-pro:1.0.72:*:*:*:*:*:*:*
- cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*
- cpe:2.3:a:maxdev:md-pro:1.0.75:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22050nvdPatchVendor Advisory
www.maxdev.com/Article605.phtmlnvdPatchURL Repurposed
www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtmlnvdPatchURL Repurposed
www.securityfocus.com/bid/20133nvdPatch
jvn.jp/jp/JVN%2346630603/index.htmlnvd
www.vupen.com/english/advisories/2006/3732nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000