Lucene search

[email protected]CVE-2006-2491

HistoryMay 19, 2006 - 11:02 p.m.

CVE-2006-2491

2006-05-1923:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2491

cross-site scripting

xss

vulnerability

boastmachine

bmachine

web script

html

php_self

filtering

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.2%

JSON

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[“PHP_SELF”] variable.

CPENameOperatorVersion
kailash_nadh:boastmachinekailash nadh boastmachineeq2.8
boastmachine:boastmachineboastmachinele3.1
kailash_nadh:boastmachinekailash nadh boastmachineeq2.7
kailash_nadh:boastmachinekailash nadh boastmachineeq2.9b
boastmachine:boastmachineboastmachineeq3.0
kailash_nadh:boastmachinekailash nadh boastmachineeq2.5

CPE	Name	Operator	Version
kailash_nadh:boastmachine	kailash nadh boastmachine	eq	2.8
boastmachine:boastmachine	boastmachine	le	3.1
kailash_nadh:boastmachine	kailash nadh boastmachine	eq	2.7
kailash_nadh:boastmachine	kailash nadh boastmachine	eq	2.9b
boastmachine:boastmachine	boastmachine	eq	3.0
kailash_nadh:boastmachine	kailash nadh boastmachine	eq	2.5

References

secunia.com/advisories/20149

securityreason.com/securityalert/725

securityreason.com/securityalert/927

www.osvdb.org/25617

www.osvdb.org/25618

www.securityfocus.com/archive/1/434294/100/0/threaded

www.securityfocus.com/bid/18012

www.vupen.com/english/advisories/2006/1853

exchange.xforce.ibmcloud.com/vulnerabilities/26518

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2006-2491

prion1