Lucene search

[email protected]CVE-2006-2228

HistoryMay 05, 2006 - 7:02 p.m.

CVE-2006-2228

2006-05-0519:02:00

[email protected]

web.nvd.nist.gov

security

xss

web application

vulnerability

w-agora

nvd

cve-2006-2228

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.3%

JSON

Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the ‘=’ (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.

Affected configurations

NVD

Node

w-agoraw-agoraMatch4.2.0

CPENameOperatorVersion
w-agora:w-agoraw-agoraeq4.2.0

CPE	Name	Operator	Version
w-agora:w-agora	w-agora	eq	4.2.0

References

securityreason.com/securityalert/847

www.securityfocus.com/archive/1/432457/100/0/threaded

www.securityfocus.com/bid/17751

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.3%

JSON

Related for CVE-2006-2228

prion1 nvd1 cvelist1