Lucene search

[email protected]CVE-2006-0726

HistoryFeb 16, 2006 - 11:02 a.m.

CVE-2006-0726

2006-02-1611:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0726

cross-site scripting

xss vulnerability

cpg-nuke dragonfly cms

web security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.

Affected configurations

NVD

Node

cpg-nukedragonfly_cmsMatch9.0.6.1

CPENameOperatorVersion
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.6.1

CPE	Name	Operator	Version
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.6.1

References

dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2

dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22

dragonflycms.org/Forums/viewtopic/t=14751.html

dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html

secunia.com/advisories/18919

www.osvdb.org/23060

www.securityfocus.com/bid/16781

www.vupen.com/english/advisories/2006/0688

exchange.xforce.ibmcloud.com/vulnerabilities/24842

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2006-0726

cvelist1 nvd1 prion1