CVE-2006-1033

Name: CVE-2006-1033
Creator: NVD / NIST
Published: 2006-03-07T11:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.90%

Last modified Jun 16, 2026

CVE-2006-1033 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.. EPSS estimates a 1.90% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.

Metrics

EPSS Probability

1.90%

77.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Cpg-Nuke	Dragonfly Cms	9.0.1.1
Cpg-Nuke	Dragonfly Cms	9.0.2.0
Cpg-Nuke	Dragonfly Cms	9.0.3.0
Cpg-Nuke	Dragonfly Cms	9.0.4.0
Cpg-Nuke	Dragonfly Cms	9.0.5.0
Cpg-Nuke	Dragonfly Cms	9.0.6.0

References

http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.htmlExploit, Vendor Advisory
http://secunia.com/advisories/18940Vendor Advisory
http://securitytracker.com/id?1015661Exploit
http://www.securityfocus.com/bid/16784Exploit
http://www.vupen.com/english/advisories/2006/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/24843
http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.htmlExploit, Vendor Advisory
http://secunia.com/advisories/18940Vendor Advisory
http://securitytracker.com/id?1015661Exploit
http://www.securityfocus.com/bid/16784Exploit
http://www.vupen.com/english/advisories/2006/0688
https://exchange.xforce.ibmcloud.com/vulnerabilities/24843

Timeline

Published: Mar 7, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-1033?

How severe is CVE-2006-1033?

Severity scoring for CVE-2006-1033 is pending analysis. The EPSS model estimates a 1.90% probability of exploitation in the next 30 days.

How do I fix CVE-2006-1033?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-1033?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST