CVE-2006-3377
6.4 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.019 Low
EPSS
Percentile
88.3%
Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jmb_software:autorank | jmb software autorank | le | pro_5.01 |
| jmb_software:autorank | jmb software autorank | le | php_3.02 |
References
secunia.com/advisories/20903
secunia.com/advisories/20929
securitytracker.com/id?1016428
securitytracker.com/id?1016429
www.majorsecurity.de/advisory/major_rls19.txt
www.securityfocus.com/archive/1/438941/100/0/threaded
www.securityfocus.com/bid/18796
www.vupen.com/english/advisories/2006/2658
www.vupen.com/english/advisories/2006/2659
exchange.xforce.ibmcloud.com/vulnerabilities/27552
6.4 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.019 Low
EPSS
Percentile
88.3%