Lucene search

[email protected]CVE-2006-3308

HistoryJun 29, 2006 - 1:05 a.m.

CVE-2006-3308

2006-06-2901:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3308

vulnerability

wpprop code

project eros

bbsengine

remote attack vectors

cross-site scripting

xss

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).

Affected configurations

NVD

Node

zoid_technologiesproject_eros_bbsengineRange≤2006-06-21

zoid_technologiesproject_eros_bbsengineMatch2006-02-23

zoid_technologiesproject_eros_bbsengineMatch2006-04-29

zoid_technologiesproject_eros_bbsengineMatch2006-05-01

zoid_technologiesproject_eros_bbsengineMatch2006-05-09

zoid_technologiesproject_eros_bbsengineMatch2006-05-10

zoid_technologiesproject_eros_bbsengineMatch2006-05-12

zoid_technologiesproject_eros_bbsengineMatch2006-05-19

zoid_technologiesproject_eros_bbsengineMatch2006-05-20

CPENameOperatorVersion
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsenginele2006-06-21
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-02-23
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-04-29
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-01
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-09
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-10
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-12
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-19
zoid_technologies:project_eros_bbsenginezoid technologies project eros bbsengineeq2006-05-20

CPE	Name	Operator	Version
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	le	2006-06-21
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-02-23
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-04-29
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-01
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-09
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-10
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-12
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-19
zoid_technologies:project_eros_bbsengine	zoid technologies project eros bbsengine	eq	2006-05-20

References

secunia.com/advisories/20760

sourceforge.net/project/shownotes.php?release_id=427430&group_id=86388

www.securityfocus.com/bid/18627

www.vupen.com/english/advisories/2006/2503

exchange.xforce.ibmcloud.com/vulnerabilities/27488

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVE-2006-3308

cvelist1 nvd1