Lucene search

[email protected]CVE-2006-3132

HistoryJun 22, 2006 - 1:02 a.m.

CVE-2006-3132

2006-06-2201:02:00

[email protected]

web.nvd.nist.gov

cve-2006-3132

xss vulnerability

qtofm.php4

qtofilemanager

remote attackers

web script

html

msg parameter

6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.7%

JSON

Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.

Affected configurations

NVD

Node

qtoqtofilemanagerMatch1.0

CPENameOperatorVersion
qto:qtofilemanagerqto qtofilemanagereq1.0

CPE	Name	Operator	Version
qto:qtofilemanager	qto qtofilemanager	eq	1.0

References

secunia.com/advisories/20681

securityreason.com/securityalert/1118

securitytracker.com/id?1016333

www.securityfocus.com/archive/1/437754/100/0/threaded

www.securityfocus.com/bid/18510

www.vupen.com/english/advisories/2006/2434

exchange.xforce.ibmcloud.com/vulnerabilities/27310

6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2006-3132

cvelist1 nvd1