Lucene search

MitreCVE-2006-2425

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2425

2006-05-1710:06:00

mitre

web.nvd.nist.gov

cve-2006-2425

cross-site scripting

xss

prv.php

phpremoteview

security vulnerability

web script

html

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) “MAKE DIR” and (5) “Full file name” fields.

Affected configurations

Nvd

Node

phpremoteviewphpremoteviewRange≤2003-10-23

VendorProductVersionCPE
phpremoteviewphpremoteview*cpe:2.3:a:phpremoteview:phpremoteview:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpremoteview	phpremoteview	*	cpe:2.3:a:phpremoteview:phpremoteview::::::::

References

secunia.com/advisories/20141

securityreason.com/securityalert/902

soot.shabgard.org/bugs/phpremoteview.txt

www.osvdb.org/25572

www.securityfocus.com/archive/1/434118/100/0/threaded

www.securityfocus.com/bid/17994

www.vupen.com/english/advisories/2006/1844

exchange.xforce.ibmcloud.com/vulnerabilities/26473

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Related for CVE-2006-2425