Lucene search

MitreCVE-2006-3024

HistoryJun 15, 2006 - 10:02 a.m.

CVE-2006-3024

2006-06-1510:02:00

mitre

web.nvd.nist.gov

cve-2006-3024

cross-site scripting

xss

evgenius counter

security vulnerability

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php.

Affected configurations

Nvd

Node

evgeniusevgenius_counterRange≤3.4

VendorProductVersionCPE
evgeniusevgenius_counter*cpe:2.3:a:evgenius:evgenius_counter:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
evgenius	evgenius_counter	*	cpe:2.3:a:evgenius:evgenius_counter::::::::

References

pridels0.blogspot.com/2006/06/evgenius-counter-xss-vuln.html

secunia.com/advisories/20546

securitytracker.com/id?1016281

www.osvdb.org/26423

www.osvdb.org/26424

www.vupen.com/english/advisories/2006/2309

exchange.xforce.ibmcloud.com/vulnerabilities/27078

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2006-3024