Lucene search

MitreCVE-2006-1406

HistoryMar 28, 2006 - 11:06 a.m.

CVE-2006-1406

2006-03-2811:06:00

mitre

web.nvd.nist.gov

cve-2006-1406

cross-site scripting

xss

wbadmlog.aspx

uniforum 4.0

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.

Affected configurations

Nvd

Node

uniforumuniforumRange≤4

VendorProductVersionCPE
uniforumuniforum*cpe:2.3:a:uniforum:uniforum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uniforum	uniforum	*	cpe:2.3:a:uniforum:uniforum::::::::

References

pridels0.blogspot.com/2006/03/uniforum-xss-vuln.html

secunia.com/advisories/19397

www.osvdb.org/24123

www.securityfocus.com/bid/17245

www.vupen.com/english/advisories/2006/1101

exchange.xforce.ibmcloud.com/vulnerabilities/25433

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for CVE-2006-1406