Lucene search
HistoryMar 01, 2006 - 2:02 a.m.
CVE-2006-0938
cve-2006-0938
cross-site scripting
xss
ez publish
web security
vulnerability
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
Affected configurations
Node
ezez_publishRange≤3.7.3
ORezez_publishMatch3.4.8
ORezez_publishMatch3.5.4
ORezez_publishMatch3.5.5
ORezez_publishMatch3.5.6
ORezez_publishMatch3.5.7
ORezez_publishMatch3.5.8
ORezez_publishMatch3.6.0
ORezez_publishMatch3.6.1
ORezez_publishMatch3.6.2
ORezez_publishMatch3.6.3
ORezez_publishMatch3.6.4
ORezez_publishMatch3.6.5
ORezez_publishMatch3.7.0
ORezez_publishMatch3.7.1
ORezez_publishMatch3.7.2
Related
nvd
nvd
CVE-2006-0938
2006-03-01 02:02:00
cvelist
cvelist
CVE-2006-0938
2006-03-01 02:00:00
prion
prion
Cross site scripting
2006-03-01 02:02:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
Related for CVE-2006-0938