Lucene search

[email protected]CVE-2006-1850

HistoryApr 19, 2006 - 4:06 p.m.

CVE-2006-1850

2006-04-1916:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1850

cross-site scripting

xss vulnerabilities

xflow 5.46.11

remote attackers

web script

html

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.

Affected configurations

NVD

Node

skymarx_solutionsxflowRange≤5.46.11

CPENameOperatorVersion
skymarx_solutions:xflowskymarx solutions xflowle5.46.11

CPE	Name	Operator	Version
skymarx_solutions:xflow	skymarx solutions xflow	le	5.46.11

References

pridels0.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html

secunia.com/advisories/19707

www.securityfocus.com/bid/17614

www.vupen.com/english/advisories/2006/1412

exchange.xforce.ibmcloud.com/vulnerabilities/25854

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2006-1850

nvd1 prion1 cvelist1