CVE-2006-1290
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%
Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.
Affected configurations
References
secunia.com/advisories/19258
securitytracker.com/id?1015778
www.osvdb.org/23932
www.osvdb.org/23933
www.securityfocus.com/archive/1/427890/100/0/threaded
www.securityfocus.com/bid/17127
www.ush.it/team/ascii/hack-milkeway/advisory.txt
www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
www.vupen.com/english/advisories/2006/0968
exchange.xforce.ibmcloud.com/vulnerabilities/25288
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%