Lucene search

[email protected]CVE-2006-0802

HistoryFeb 20, 2006 - 10:02 p.m.

CVE-2006-0802

2006-02-2022:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0802

cross-site scripting

xss vulnerability

ns-languages module

postnuke

nvd

security

web script

html

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.

CPENameOperatorVersion
postnuke_software_foundation:postnukepostnuke software foundation postnukele0.761

CPE	Name	Operator	Version
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	le	0.761

References

archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html

news.postnuke.com/index.php?name=News&file=article&sid=2754

secunia.com/advisories/18937

securityreason.com/securityalert/454

www.securityfocus.com/bid/16752

www.vupen.com/english/advisories/2006/0673

exchange.xforce.ibmcloud.com/vulnerabilities/24823

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2006-0802

prion1 nessus1