Lucene search

[email protected]CVE-2006-2473

HistoryMay 19, 2006 - 5:02 p.m.

CVE-2006-2473

2006-05-1917:02:00

[email protected]

web.nvd.nist.gov

cve

2006

2473

cross-site scripting

xss

openwiki

security vulnerability

remote attack

web script

html

ow.asp

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites.

Affected configurations

NVD

Node

openwikiopenwikiMatch0.78

CPENameOperatorVersion
openwiki:openwikiopenwikieq0.78

CPE	Name	Operator	Version
openwiki:openwiki	openwiki	eq	0.78

References

securityreason.com/securityalert/920

www.openwiki.com/ow.asp?OpenWikiVulnerability

www.openwiki.com/ow.asp?XssVulnerability

www.securityfocus.com/archive/1/434295/100/0/threaded

www.securityfocus.com/archive/1/496294/100/0/threaded

www.securityfocus.com/bid/18013

exchange.xforce.ibmcloud.com/vulnerabilities/26517

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2006-2473

prion1 cvelist1 nvd1