Lucene search

[email protected]CVE-2006-2567

HistoryMay 24, 2006 - 8:02 p.m.

CVE-2006-2567

2006-05-2420:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2567

xss

web security

submit_article.php

alstrasoft article manager pro 1.6

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%

JSON

Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.

CPENameOperatorVersion
alstrasoft:article_manager_proalstrasoft article manager proeq1.6

CPE	Name	Operator	Version
alstrasoft:article_manager_pro	alstrasoft article manager pro	eq	1.6

References

secunia.com/advisories/20228

securityreason.com/securityalert/949

www.securityfocus.com/archive/1/434847/100/0/threaded

www.vupen.com/english/advisories/2006/1943

exchange.xforce.ibmcloud.com/vulnerabilities/26673

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2006-2567

prion1