CVE-2006-6153

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=47
http://secunia.com/advisories/22987
http://securityreason.com/securityalert/1926
http://securitytracker.com/id?1017259
http://www.securityfocus.com/archive/1/452179/100/100/threaded
http://www.securityfocus.com/bid/21190
https://exchange.xforce.ibmcloud.com/vulnerabilities/30446

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-10-2018 - 21:46

Objavljeno

28-11-2006 - 23:28