Lucene search

[email protected]CVE-2006-3519

HistoryJul 11, 2006 - 11:05 p.m.

CVE-2006-3519

2006-07-1123:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

3519

xss

vulnerabilities

the banner engine

tbe 4.0

remote attackers

web script

html

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php.

CPENameOperatorVersion
native_solutions:the_banner_enginenative solutions the banner engineeq4.0

CPE	Name	Operator	Version
native_solutions:the_banner_engine	native solutions the banner engine	eq	4.0

References

secunia.com/advisories/20916

securityreason.com/securityalert/1204

securitytracker.com/id?1016432

www.securityfocus.com/archive/1/438972/100/0/threaded

www.securityfocus.com/bid/18793

www.vupen.com/english/advisories/2006/2656

exchange.xforce.ibmcloud.com/vulnerabilities/27549

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON