Lucene search

[email protected]CVE-2006-2536

HistoryMay 22, 2006 - 11:10 p.m.

CVE-2006-2536

2006-05-2223:10:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

2536

cross-site scripting

xss

vulnerability

destiney links script

web script

html

remote attackers

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) “Search” (term parameter in index.php) and (2) “Add a Site” (add.php) fields.

CPENameOperatorVersion
greg_donald:destiney_links_scriptgreg donald destiney links scripteq2.1.2

CPE	Name	Operator	Version
greg_donald:destiney_links_script	greg donald destiney links script	eq	2.1.2

References

secunia.com/advisories/20248

securityreason.com/securityalert/937

www.securityfocus.com/archive/1/434692/100/0/threaded

www.securityfocus.com/bid/18071

www.vupen.com/english/advisories/2006/1933

exchange.xforce.ibmcloud.com/vulnerabilities/26612

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2006-2536

prion1