Lucene search

[email protected]CVE-2006-2243

HistoryMay 09, 2006 - 10:02 a.m.

CVE-2006-2243

2006-05-0910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2243

cross-site scripting

xss

web4future news portal

remote attackers

arbitrary web script

html

sql injection

7.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.

CPENameOperatorVersion
web4future:news_portalweb4future news portaleq*

CPE	Name	Operator	Version
web4future:news_portal	web4future news portal	eq	*

References

secunia.com/advisories/17880

securitytracker.com/id?1016027

www.osvdb.org/25287

www.osvdb.org/25288

exchange.xforce.ibmcloud.com/vulnerabilities/26259

7.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2006-2243

prion1