CVE-2006-3522
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.0%
Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| clearswift:mimesweeper_for_web | clearswift mimesweeper for web | le | 5.1.14 |
References
download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm
marc.info/?l=full-disclosure&m=115249298204354&w=2
marc.info/?l=full-disclosure&m=115253320721404&w=2
marc.info/?l=full-disclosure&m=115253898206225&w=2
secunia.com/advisories/20998
securitytracker.com/id?1016454
www.securityfocus.com/archive/1/439641/100/0/threaded
www.securityfocus.com/archive/1/440140/100/0/threaded
www.securityfocus.com/bid/18916
www.vupen.com/english/advisories/2006/2731
exchange.xforce.ibmcloud.com/vulnerabilities/27642
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.0%