Lucene search

[email protected]CVE-2006-2672

HistoryMay 30, 2006 - 9:02 p.m.

CVE-2006-2672

2006-05-3021:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2672

xss

realty pro one

web script

html

sql injection

7.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or © request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.

CPENameOperatorVersion
interquest_internet_services:realty_pro_oneinterquest internet services realty pro oneeq*

CPE	Name	Operator	Version
interquest_internet_services:realty_pro_one	interquest internet services realty pro one	eq	*

References

secunia.com/advisories/20286

securityreason.com/securityalert/988

www.osvdb.org/25772

www.osvdb.org/25773

www.osvdb.org/25774

www.osvdb.org/25775

www.securityfocus.com/archive/1/435012/100/0/threaded

www.vupen.com/english/advisories/2006/1985

exchange.xforce.ibmcloud.com/vulnerabilities/26677

7.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2006-2672

prion1