Lucene search

[email protected]CVE-2006-3038

HistoryJun 15, 2006 - 10:02 a.m.

CVE-2006-3038

2006-06-1510:02:00

[email protected]

web.nvd.nist.gov

cve-2006-3038

cross-site scripting

xss

cescripts realty room rent

index.php

sel_menu parameter

web script

html

cescripts.com

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that “All issues concerning this script and others at cescripts.com have been addressed and fixed.”

Affected configurations

NVD

Node

cescriptsrealty_room_rent

CPENameOperatorVersion
cescripts:realty_room_rentcescripts realty room renteq*

CPE	Name	Operator	Version
cescripts:realty_room_rent	cescripts realty room rent	eq	*

References

secunia.com/advisories/20586

www.attrition.org/pipermail/vim/2006-August/000983.html

www.securityfocus.com/archive/1/436805

www.securityfocus.com/archive/1/444136/100/0/threaded

www.vupen.com/english/advisories/2006/2344

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2006-3038

cvelist1 nvd1