Lucene search

[email protected]CVE-2006-2231

HistoryMay 05, 2006 - 7:02 p.m.

CVE-2006-2231

2006-05-0519:02:00

[email protected]

web.nvd.nist.gov

102

cve-2006-2231

cross-site scripting

xss

addguest.cgi

web security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.

Affected configurations

NVD

Node

big_webmasterbig_webmaster_guestbook_scriptRange≤1.02

CPENameOperatorVersion
big_webmaster:big_webmaster_guestbook_scriptbig webmaster big webmaster guestbook scriptle1.02

CPE	Name	Operator	Version
big_webmaster:big_webmaster_guestbook_script	big webmaster big webmaster guestbook script	le	1.02

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045752.html

secunia.com/advisories/19971

securityreason.com/securityalert/843

www.osvdb.org/25257

www.securityfocus.com/archive/1/432970/100/0/threaded

www.securityfocus.com/bid/17834

exchange.xforce.ibmcloud.com/vulnerabilities/26246

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for CVE-2006-2231

prion1 cvelist1 nvd1