Lucene search

[email protected]CVE-2006-1720

HistoryApr 11, 2006 - 11:02 p.m.

CVE-2006-1720

2006-04-1123:02:00

[email protected]

web.nvd.nist.gov

cve

2006

1720

cross-site scripting

xss

vulnerability

search.php

saphplesson 3.0

remote attackers

web script

html

word parameter

sql injection

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.

Affected configurations

NVD

Node

arablesssaphplessonMatch2.0

arablesssaphplessonMatch3.0

CPENameOperatorVersion
arabless:saphplessonarabless saphplessoneq2.0
arabless:saphplessonarabless saphplessoneq3.0

CPE	Name	Operator	Version
arabless:saphplesson	arabless saphplesson	eq	2.0
arabless:saphplesson	arabless saphplesson	eq	3.0

References

securityreason.com/securityalert/683

securitytracker.com/id?1015883

www.securityfocus.com/archive/1/430293/100/0/threaded

www.securityfocus.com/bid/17414

www.vupen.com/english/advisories/2006/1317

exchange.xforce.ibmcloud.com/vulnerabilities/25719

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for CVE-2006-1720

cvelist1 prion1 nvd1