Lucene search

[email protected]CVE-2006-2174

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2174

2006-05-0412:38:00

[email protected]

web.nvd.nist.gov

cve-2006-2174

xss

vulnerabilities

vhcs

admin

server_day_stats.php

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.

Affected configurations

NVD

Node

virtual_hosting_control_systemvirtual_hosting_control_systemMatch2.4.7.1

CPENameOperatorVersion
virtual_hosting_control_system:virtual_hosting_control_systemvirtual hosting control systemeq2.4.7.1

CPE	Name	Operator	Version
virtual_hosting_control_system:virtual_hosting_control_system	virtual hosting control system	eq	2.4.7.1

References

secunia.com/advisories/19940

securityreason.com/securityalert/832

www.aria-security.net/hm/vhcs.txt

www.securityfocus.com/archive/1/432711

www.securityfocus.com/bid/17790

www.vupen.com/english/advisories/2006/1634

exchange.xforce.ibmcloud.com/vulnerabilities/26209

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2006-2174

cvelist1 nvd1 prion1