CVE-2006-2755

Sažetak

Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.

Reference

http://securityreason.com/securityalert/1007
http://www.nukedx.com/?viewdoc=40
http://www.securityfocus.com/archive/1/435288/100/0/threaded
http://www.securityfocus.com/archive/1/435296/100/0/threaded
http://www.securityfocus.com/bid/18152
https://exchange.xforce.ibmcloud.com/vulnerabilities/26870

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:41

Objavljeno

02-06-2006 - 01:02