Lucene search

[email protected]CVE-2006-2997

HistoryJun 13, 2006 - 1:02 a.m.

CVE-2006-2997

2006-06-1301:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2997

cross-site scripting

xss vulnerability

zms 2.9

web script injection

html injection

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.

Affected configurations

NVD

Node

zms_publishingzmsRange≤2.9.2

CPENameOperatorVersion
zms_publishing:zmszms publishing zmsle2.9.2

CPE	Name	Operator	Version
zms_publishing:zms	zms publishing zms	le	2.9.2

References

secunia.com/advisories/20585

securityreason.com/securityalert/1093

securitytracker.com/id?1016275

www.majorsecurity.de/advisory/major_rls12.txt

www.securityfocus.com/archive/1/436703/100/0/threaded

www.vupen.com/english/advisories/2006/2279

exchange.xforce.ibmcloud.com/vulnerabilities/27055

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for CVE-2006-2997

cvelist1 nvd1