Lucene search

[email protected]CVE-2006-1233

HistoryMar 14, 2006 - 7:06 p.m.

CVE-2006-1233

2006-03-1419:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1233

cross-site scripting

xss

wmnews

web security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.

Affected configurations

NVD

Node

mikael_softwarewmnews

CPENameOperatorVersion
mikael_software:wmnewsmikael software wmnewseq*

CPE	Name	Operator	Version
mikael_software:wmnews	mikael software wmnews	eq	*

References

biyosecurity.be/bugs/wmnews.txt

secunia.com/advisories/19204

www.osvdb.org/23840

www.osvdb.org/23841

www.osvdb.org/23842

www.securityfocus.com/archive/1/427479/100/0/threaded

www.securityfocus.com/bid/17076

www.vupen.com/english/advisories/2006/0939

exchange.xforce.ibmcloud.com/vulnerabilities/25210

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2006-1233

prion1 cvelist1 nvd1