CVE-2006-2497

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.

Reference

http://secunia.com/advisories/20175
http://securityreason.com/securityalert/926
http://www.osvdb.org/25650
http://www.osvdb.org/25651
http://www.securityfocus.com/archive/1/434370/100/0/threaded
http://www.securityfocus.com/bid/18025
https://exchange.xforce.ibmcloud.com/vulnerabilities/26530

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:40

Objavljeno

20-05-2006 - 03:02