CVE-2006-1661

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

Reference

http://pridels0.blogspot.com/2006/04/skforum-xss-vuln.html
http://secunia.com/advisories/19484
http://www.osvdb.org/24430
http://www.osvdb.org/24431
http://www.osvdb.org/24432
http://www.securityfocus.com/bid/17389
http://www.vupen.com/english/advisories/2006/1260
https://exchange.xforce.ibmcloud.com/vulnerabilities/25641

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:30

Objavljeno

07-04-2006 - 10:04