CVE-2006-1157

Sažetak

Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.

Reference

http://biyosecurity.be/bugs/adpforum2.txt
http://www.osvdb.org/23961
http://www.securityfocus.com/archive/1/427171/100/0/threaded
http://www.securityfocus.com/bid/17047
http://www.vupen.com/english/advisories/2006/0901
https://exchange.xforce.ibmcloud.com/vulnerabilities/25189

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:31

Objavljeno

12-03-2006 - 20:02