CVE-2006-7078

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html
http://secunia.com/advisories/21206
http://securityreason.com/securityalert/2329
http://www.securityfocus.com/archive/1/441194/100/0/threaded
http://www.vupen.com/english/advisories/2006/2981
https://exchange.xforce.ibmcloud.com/vulnerabilities/27967

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

16-10-2018 - 16:29

Objavljeno

02-03-2007 - 21:18