Lucene search

[email protected]CVE-2006-1435

HistoryApr 03, 2006 - 2:04 p.m.

CVE-2006-1435

2006-04-0314:04:00

[email protected]

web.nvd.nist.gov

cve-2006-1435

aria

genmessage.php

xss

vulnerability

web security

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).

Affected configurations

NVD

Node

accounting_receiving_and_inventory_administrationariaMatch0.99-6

CPENameOperatorVersion
accounting_receiving_and_inventory_administration:ariaaccounting receiving and inventory administration ariaeq0.99-6

CPE	Name	Operator	Version
accounting_receiving_and_inventory_administration:aria	accounting receiving and inventory administration aria	eq	0.99-6

References

osvdb.org/ref/24/24255-aria.txt

secunia.com/advisories/19551

www.osvdb.org/24255

www.securityfocus.com/bid/17411

exchange.xforce.ibmcloud.com/vulnerabilities/25688

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2006-1435

nvd1 exploitdb1 cvelist1 prion1