Lucene search

[email protected]CVE-2006-1532

HistoryMar 30, 2006 - 11:02 a.m.

CVE-2006-1532

2006-03-3011:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1532

cross-site scripting

xss vulnerability

php classifieds

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.

Affected configurations

NVD

Node

deltascriptsphp_classifiedsMatch6.18

deltascriptsphp_classifiedsMatch6.20

CPENameOperatorVersion
deltascripts:php_classifiedsdeltascripts php classifiedseq6.18
deltascripts:php_classifiedsdeltascripts php classifiedseq6.20

CPE	Name	Operator	Version
deltascripts:php_classifieds	deltascripts php classifieds	eq	6.18
deltascripts:php_classifieds	deltascripts php classifieds	eq	6.20

References

osvdb.org/ref/24/24232-php_classifieds.txt

secunia.com/advisories/19440

www.osvdb.org/24232

www.securityfocus.com/bid/17305

www.vupen.com/english/advisories/2006/1143

exchange.xforce.ibmcloud.com/vulnerabilities/25507

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2006-1532

cvelist1 nvd1 prion1