Lucene search

[email protected]CVE-2006-3004

HistoryJun 13, 2006 - 1:02 a.m.

CVE-2006-3004

2006-06-1301:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ez ringtone manager

xss

cross-site scripting

remote attackers

web script

html

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.

CPENameOperatorVersion
scriptsez:ez_ringtone_managerscriptsez ez ringtone managereq*

CPE	Name	Operator	Version
scriptsez:ez_ringtone_manager	scriptsez ez ringtone manager	eq	*

References

secunia.com/advisories/20530

securityreason.com/securityalert/1097

www.securityfocus.com/archive/1/436424

www.securityfocus.com/bid/18340

www.vupen.com/english/advisories/2006/2237

exchange.xforce.ibmcloud.com/vulnerabilities/27062

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON