CVE-2006-5770

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

Reference

http://www.osvdb.org/32046
http://www.osvdb.org/32047
http://www.osvdb.org/32048
http://www.osvdb.org/32049
http://www.osvdb.org/32050
http://www.osvdb.org/32051
http://www.securityfocus.com/archive/1/450496/100/0/threaded
http://www.securityfocus.com/bid/20895
https://exchange.xforce.ibmcloud.com/vulnerabilities/30007

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:44

Objavljeno

06-11-2006 - 23:07