Unrated severityNVD Advisory· Published Oct 23, 2006· Updated Jun 16, 2026
CVE-2006-5451
CVE-2006-5451
Description
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
Affected products
2cpe:2.3:a:torrentflux:torrentflux:2.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:torrentflux:torrentflux:2.1:*:*:*:*:*:*:*
- (no CPE)range: =2.1
Patches
Vulnerability mechanics
References
12- www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-user_id-script-insertion/nvdExploit
- secunia.com/advisories/22384nvdVendor Advisory
- www.vupen.com/english/advisories/2006/4043nvdVendor Advisory
- www.securityfocus.com/archive/1/448619/100/100/threadednvd
- www.securityfocus.com/archive/1/448947/100/0/threadednvd
- www.securityfocus.com/archive/1/448948/100/0/threadednvd
- www.securityfocus.com/archive/1/448952/100/0/threadednvd
- www.securityfocus.com/bid/20534nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29592nvd
News mentions
0No linked articles in our index yet.