Lucene search

MitreCVE-2006-0507

HistoryFeb 01, 2006 - 11:02 p.m.

CVE-2006-0507

2006-02-0123:02:00

mitre

web.nvd.nist.gov

security

xss

easy cms

remote attack

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.

Affected configurations

Nvd

Node

easy_cmseasy_cms

VendorProductVersionCPE
easy_cmseasy_cms*cpe:2.3:a:easy_cms:easy_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
easy_cms	easy_cms	*	cpe:2.3:a:easy_cms:easy_cms::::::::

References

secunia.com/advisories/18673

www.securityfocus.com/archive/1/423442/100/0/threaded

www.securityfocus.com/archive/1/423563/100/0/threaded

www.securityfocus.com/archive/1/424431/100/0/threaded

www.securityfocus.com/bid/16430

www.vupen.com/english/advisories/2006/0385

exchange.xforce.ibmcloud.com/vulnerabilities/24371

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2006-0507