Unrated severityNVD Advisory· Published Oct 3, 2006· Updated Apr 23, 2026

CVE-2006-5127

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

Affected products

Conpresso/Conpresso CMS
cpe:2.3:a:conpresso:conpresso_cms:*:*:*:*:*:*:*:*
Range: <=4.0.4a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.compresso.de/compresso-4.0.5a.zipnvdPatch
www.majorsecurity.de/index_2.phpnvdExploit
www.securityfocus.com/bid/20273nvdExploitPatch
secunia.com/advisories/22145nvd
securityreason.com/securityalert/1671nvd
www.securityfocus.com/archive/1/447358/100/0/threadednvd
www.vupen.com/english/advisories/2006/3868nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29272nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000