Lucene search

[email protected]CVE-2006-0524

HistoryFeb 02, 2006 - 11:02 a.m.

CVE-2006-0524

2006-02-0211:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0524

cross-site scripting

xss vulnerability

ashnews 0.83

nvd

web security

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Affected configurations

NVD

Node

ashwebstudioashnewsMatch0.83

CPENameOperatorVersion
ashwebstudio:ashnewsashwebstudio ashnewseq0.83

CPE	Name	Operator	Version
ashwebstudio:ashnews	ashwebstudio ashnews	eq	0.83

References

archives.neohapsis.com/archives/fulldisclosure/2006-01/0955.html

archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html

archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html

secunia.com/advisories/9331

www.osvdb.org/22934

www.securityfocus.com/bid/16426

exchange.xforce.ibmcloud.com/vulnerabilities/24365

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2006-0524

cvelist1 nvd1 prion1 nessus1