Lucene search

[email protected]CVE-2006-2477

HistoryMay 19, 2006 - 5:02 p.m.

CVE-2006-2477

2006-05-1917:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2477

cross-site scripting

xss

vulnerability

bitrix site manager

nvd

6.3 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.

CPENameOperatorVersion
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.7
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.3
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.4
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.2
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.6
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.8
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.5
bitrix:bitrix_site_managerbitrix bitrix site managereq4.1.0
bitrix:bitrix_site_managerbitrix bitrix site managereq4.0.0

CPE	Name	Operator	Version
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.7
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.3
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.4
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.2
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.6
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.8
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.5
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.1.0
bitrix:bitrix_site_manager	bitrix bitrix site manager	eq	4.0.0

References

secunia.com/advisories/20143

securityreason.com/securityalert/918

securitytracker.com/id?1016121

www.securityfocus.com/archive/1/434367/100/0/threaded

www.vupen.com/english/advisories/2006/1858

exchange.xforce.ibmcloud.com/vulnerabilities/26544

6.3 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2006-2477

prion1