Lucene search

MitreCVE-2006-2524

HistoryMay 22, 2006 - 10:02 p.m.

CVE-2006-2524

2006-05-2222:02:00

mitre

web.nvd.nist.gov

cve

2006

2524

cross-site scripting

xss

vulnerability

usebb

rc1

nvd

web script

html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.019

Percentile

88.7%

JSON

Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.

Affected configurations

Nvd

Node

usebbusebbMatch1.0_rc1

VendorProductVersionCPE
usebbusebb1.0_rc1cpe:2.3:a:usebb:usebb:1.0_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usebb	usebb	1.0_rc1	cpe:2.3:a:usebb:usebb:1.0_rc1:::::::*

References

secunia.com/advisories/20187

sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103

www.osvdb.org/25684

www.usebb.net/community/topic.php?id=1130

www.vupen.com/english/advisories/2006/1900

exchange.xforce.ibmcloud.com/vulnerabilities/26600

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.019

Percentile

88.7%

JSON

Related for CVE-2006-2524