CVE-2006-2140

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.

Reference

http://pridels0.blogspot.com/2006/04/orbithyip-xss.html
http://secunia.com/advisories/19877
http://www.osvdb.org/25141
http://www.osvdb.org/25142
http://www.securityfocus.com/bid/17766
http://www.vupen.com/english/advisories/2006/1583
https://exchange.xforce.ibmcloud.com/vulnerabilities/26163

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

20-07-2017 - 01:31

Objavljeno

02-05-2006 - 10:02