CVE Database · CVE-2006-0923
CVSS v3.1
N/A
EPSS
2.13%
Published
Feb 28, 2006
Modified
Apr 15, 2026
Public PoC / Exploit (3)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
Affected Products (3)
References (16)
