Lucene search

[email protected]CVE-2006-1029

HistoryMar 07, 2006 - 12:02 a.m.

CVE-2006-1029

2006-03-0700:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1029

cross-site scripting

xss

joomla

denial of service

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using “<<>AAA<><>”, possibly due to nested or empty tags.

CPENameOperatorVersion
joomla:joomlajoomlaeq1.0.7

CPE	Name	Operator	Version
joomla:joomla	joomla	eq	1.0.7

References

www.joomla.org/content/view/938/78/

www.osvdb.org/23816

www.securityfocus.com/archive/1/426538/100/0/threaded

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2006-1029

prion1 cve1