Unrated severityNVD Advisory· Published Oct 23, 2006· Updated Apr 23, 2026
CVE-2006-5451
CVE-2006-5451
Description
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
Affected products
1- cpe:2.3:a:torrentflux:torrentflux:2.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/nvdExploit
- www.stevenroddis.com.au/2006/10/17/torrentflux-user_id-script-insertion/nvdExploit
- secunia.com/advisories/22384nvdVendor Advisory
- www.vupen.com/english/advisories/2006/4043nvdVendor Advisory
- www.securityfocus.com/archive/1/448619/100/100/threadednvd
- www.securityfocus.com/archive/1/448947/100/0/threadednvd
- www.securityfocus.com/archive/1/448948/100/0/threadednvd
- www.securityfocus.com/archive/1/448952/100/0/threadednvd
- www.securityfocus.com/bid/20534nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29592nvd
News mentions
0No linked articles in our index yet.