CVE-2006-3494
6.4 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
91.0%
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in © view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vastal_i-tech:buddy_zone | vastal i-tech buddy zone | le | 1.0.1 |
References
secunia.com/advisories/20933
securityreason.com/securityalert/1209
www.osvdb.org/26979
www.osvdb.org/26980
www.osvdb.org/26981
www.osvdb.org/26982
www.osvdb.org/26983
www.osvdb.org/26984
www.osvdb.org/26985
www.osvdb.org/26988
www.osvdb.org/26989
www.osvdb.org/26990
www.osvdb.org/26991
www.osvdb.org/26992
www.osvdb.org/26993
www.securityfocus.com/archive/1/438868/100/0/threaded
www.securityfocus.com/archive/1/440144/100/100/threaded
www.securityfocus.com/bid/18759
www.vupen.com/english/advisories/2006/2645
exchange.xforce.ibmcloud.com/vulnerabilities/27514
6.4 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
91.0%