Lucene search

[email protected]CVE-2006-0923

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0923

2006-02-2811:02:00

[email protected]

web.nvd.nist.gov

xss

myphpnuke

mpn

cross-site scripting

web security

vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.

Affected configurations

NVD

Node

myphpnukemyphpnukeRange≤1.8.8

myphpnukemyphpnukeMatch1.8.8_7

myphpnukemyphpnukeMatch1.8.8_8_rc2

CPENameOperatorVersion
myphpnuke:myphpnukemyphpnukele1.8.8
myphpnuke:myphpnukemyphpnukeeq1.8.8_7
myphpnuke:myphpnukemyphpnukeeq1.8.8_8_rc2

CPE	Name	Operator	Version
myphpnuke:myphpnuke	myphpnuke	le	1.8.8
myphpnuke:myphpnuke	myphpnuke	eq	1.8.8_7
myphpnuke:myphpnuke	myphpnuke	eq	1.8.8_8_rc2

References

secunia.com/advisories/19052

securityreason.com/securityalert/491

www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0

www.nukedx.com/?viewdoc=12

www.securityfocus.com/archive/1/425983/100/0/threaded

www.securityfocus.com/bid/16815

www.vupen.com/english/advisories/2006/0750

exchange.xforce.ibmcloud.com/vulnerabilities/24887

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for CVE-2006-0923

nvd1 prion1 cvelist1