Lucene search

[email protected]CVE-2006-3568

HistoryJul 13, 2006 - 1:05 a.m.

CVE-2006-3568

2006-07-1301:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-3568

xss

fantastic guestbook

security vulnerability

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.

Affected configurations

NVD

Node

fantastic_guestbook_projectfantastic_guestbookMatch2.0.1

CPENameOperatorVersion
fantastic_guestbook_project:fantastic_guestbookfantastic guestbook project fantastic guestbookeq2.0.1

CPE	Name	Operator	Version
fantastic_guestbook_project:fantastic_guestbook	fantastic guestbook project fantastic guestbook	eq	2.0.1

References

it.security.netsons.org/exploit/FGB.txt

secunia.com/advisories/21024

www.osvdb.org/27107

www.securityfocus.com/archive/1/440152/100/100/threaded

www.securityfocus.com/bid/18942

www.vupen.com/english/advisories/2006/2762

exchange.xforce.ibmcloud.com/vulnerabilities/27697

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2006-3568

cvelist1 nvd1