CVE-2006-0521

Sažetak

Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.

Reference

http://secunia.com/advisories/18658
http://securityreason.com/securityalert/393
http://www.osvdb.org/22841
http://www.securityfocus.com/archive/1/423546/100/0/threaded
http://www.securityfocus.com/bid/16435
http://www.vupen.com/english/advisories/2006/0391
https://exchange.xforce.ibmcloud.com/vulnerabilities/24390

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:45

Objavljeno

02-02-2006 - 11:02