Lucene search

K
cve[email protected]CVE-2006-3533
HistoryJul 12, 2006 - 9:05 p.m.

CVE-2006-3533

2006-07-1221:05:00
NVD-CWE-Other
web.nvd.nist.gov
15
cve-2006-3533
cross-site scripting
xss
pivot
vulnerability
register_globals

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.031 Low

EPSS

Percentile

90.8%

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in © includes/photo.php.

CPENameOperatorVersion
pivot:pivotpivoteq1.30_rc2

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.031 Low

EPSS

Percentile

90.8%