CVE-2006-2063

Name: CVE-2006-2063
Creator: NVD / NIST
Published: 2006-04-26T20:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.39%

Last modified Jun 16, 2026

CVE-2006-2063 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.. EPSS estimates a 2.39% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

Metrics

EPSS Probability

2.39%

81.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Leadhound Network	Leadhound Full	2.1
Leadhound Network	Leadhound Full	2.1_network_version
Leadhound Network	Leadhound Lite	2.1

References

http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
http://secunia.com/advisories/19867Vendor Advisory
http://www.osvdb.org/25030Exploit
http://www.osvdb.org/25031Exploit
http://www.osvdb.org/25032Exploit
http://www.osvdb.org/25033Exploit
http://www.osvdb.org/25034
http://www.osvdb.org/25035Exploit
http://www.osvdb.org/25036Exploit
http://www.osvdb.org/25037Exploit
http://www.osvdb.org/25038Exploit
http://www.osvdb.org/25039Exploit
http://www.osvdb.org/25041Exploit
http://www.osvdb.org/25042Exploit
http://www.osvdb.org/25043Exploit
http://www.osvdb.org/25044Exploit
http://www.osvdb.org/25045Exploit
http://www.osvdb.org/25046Exploit
http://www.osvdb.org/25047Exploit
http://www.osvdb.org/25048Exploit
http://www.osvdb.org/25049Exploit
http://www.osvdb.org/25050Exploit
http://www.osvdb.org/25051Exploit
http://www.osvdb.org/25052Exploit
http://www.osvdb.org/25053Exploit
http://www.osvdb.org/25054Exploit
http://www.osvdb.org/25055Exploit
http://www.osvdb.org/25056Exploit
http://www.osvdb.org/25057Exploit
http://www.osvdb.org/25058Exploit
http://www.osvdb.org/25059Exploit
http://www.osvdb.org/25060Exploit
http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html
http://secunia.com/advisories/19867Vendor Advisory
http://www.osvdb.org/25030Exploit
http://www.osvdb.org/25031Exploit
http://www.osvdb.org/25032Exploit
http://www.osvdb.org/25033Exploit
http://www.osvdb.org/25034
http://www.osvdb.org/25035Exploit
http://www.osvdb.org/25036Exploit
http://www.osvdb.org/25037Exploit
http://www.osvdb.org/25038Exploit
http://www.osvdb.org/25039Exploit
http://www.osvdb.org/25041Exploit
http://www.osvdb.org/25042Exploit
http://www.osvdb.org/25043Exploit
http://www.osvdb.org/25044Exploit
http://www.osvdb.org/25045Exploit
http://www.osvdb.org/25046Exploit
http://www.osvdb.org/25047Exploit
http://www.osvdb.org/25048Exploit
http://www.osvdb.org/25049Exploit
http://www.osvdb.org/25050Exploit
http://www.osvdb.org/25051Exploit
http://www.osvdb.org/25052Exploit
http://www.osvdb.org/25053Exploit
http://www.osvdb.org/25054Exploit
http://www.osvdb.org/25055Exploit
http://www.osvdb.org/25056Exploit
http://www.osvdb.org/25057Exploit
http://www.osvdb.org/25058Exploit
http://www.osvdb.org/25059Exploit
http://www.osvdb.org/25060Exploit

Timeline

Published: Apr 26, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-2063?

How severe is CVE-2006-2063?

Severity scoring for CVE-2006-2063 is pending analysis. The EPSS model estimates a 2.39% probability of exploitation in the next 30 days.

How do I fix CVE-2006-2063?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2063?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST