Lucene search

[email protected]CVE-2006-2533

HistoryMay 22, 2006 - 11:10 p.m.

CVE-2006-2533

2006-05-2223:10:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2533

cross-site scripting

xss

vulnerability

destiney rated images script

addweblog.php

leavecomments.php

html

javascript

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.

CPENameOperatorVersion
greg_donald:destiney_rated_images_scriptgreg donald destiney rated images scripteq0.5.0

CPE	Name	Operator	Version
greg_donald:destiney_rated_images_script	greg donald destiney rated images script	eq	0.5.0

References

secunia.com/advisories/20249

securityreason.com/securityalert/940

www.securityfocus.com/archive/1/434691/100/0/threaded

www.securityfocus.com/archive/1/435093/100/0/threaded

www.securityfocus.com/bid/18070

www.vupen.com/english/advisories/2006/1927

exchange.xforce.ibmcloud.com/vulnerabilities/26605

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2006-2533

prion1