Unrated severityNVD Advisory· Published Dec 27, 2006· Updated Apr 23, 2026

CVE-2006-6769

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.

Affected products

Php Live/PHP Live3 versions
cpe:2.3:a:php_live:php_live:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:php_live:php_live:*:*:*:*:*:*:*:*range: <=3.2.2
- cpe:2.3:a:php_live:php_live:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_live:php_live:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hackerscenter.com/archive/view.aspnvdExploit
www.securityfocus.com/bid/21737nvdExploit
secunia.com/advisories/23488nvdVendor Advisory
securityreason.com/securityalert/2068nvd
www.securityfocus.com/archive/1/455269/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000