Lucene search

[email protected]CVE-2006-1106

HistoryMar 09, 2006 - 1:06 p.m.

CVE-2006-1106

2006-03-0913:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1106

cross-site scripting

xss vulnerability

pixelpost 1.5 beta 1

remote attackers

web script

html

commenting

vendor dispute

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Affected configurations

NVD

Node

pixelpostpixelpostMatch1.4.3

pixelpostpixelpostMatch1.5_beta1

CPENameOperatorVersion
pixelpost:pixelpostpixelposteq1.4.3
pixelpost:pixelpostpixelposteq1.5_beta1

CPE	Name	Operator	Version
pixelpost:pixelpost	pixelpost	eq	1.4.3
pixelpost:pixelpost	pixelpost	eq	1.5_beta1

References

forum.pixelpost.org/showthread.php?t=3535

www.neosecurityteam.net/index.php?action=advisories&id=19

www.securityfocus.com/archive/1/426764/100/0/threaded

www.securityfocus.com/bid/16964

www.vupen.com/english/advisories/2006/0823

exchange.xforce.ibmcloud.com/vulnerabilities/25047

Social References

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2006-1106

prion1 nvd1 cvelist1