Lucene search

[email protected]CVE-2006-0980

HistoryMar 03, 2006 - 11:02 a.m.

CVE-2006-0980

2006-03-0311:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0980

xss

jay eckles

cgi calendar 2.7

cross-site scripting

remote attack

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi.

CPENameOperatorVersion
jay_eckles:cgi_calendarjay eckles cgi calendareq2.7

CPE	Name	Operator	Version
jay_eckles:cgi_calendar	jay eckles cgi calendar	eq	2.7

References

secunia.com/advisories/19066

www.securityfocus.com/archive/1/426198/100/0/threaded

www.vupen.com/english/advisories/2006/0764

exchange.xforce.ibmcloud.com/vulnerabilities/24946

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.5%

JSON

Related for CVE-2006-0980

prion1