Lucene search

[email protected]CVE-2006-1846

HistoryApr 19, 2006 - 4:06 p.m.

CVE-2006-1846

2006-04-1916:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1846

xss

php-nuke 7.8

web security

vulnerability

remote attack

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user’s personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user’s personal menu, which presumably is not modifiable by others.

CPENameOperatorVersion
francisco_burzi:php-nukefrancisco burzi php-nukeeq7.8

CPE	Name	Operator	Version
francisco_burzi:php-nuke	francisco burzi php-nuke	eq	7.8

References

secunia.com/advisories/18972

www.osvdb.org/23431

www.securityfocus.com/bid/16774

www.vupen.com/english/advisories/2006/0687

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CVE-2006-1846

prion1