Lucene search

[email protected]CVE-2006-3767

HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3767

2006-07-2114:03:00

[email protected]

web.nvd.nist.gov

cve-2006-3767

xss

web script

html

img

onerror attribute

txtcomment parameter

comment security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Cross-site scripting (XSS) vulnerability in showprofile.php in Darren’s $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.

Affected configurations

NVD

Node

darrens_5-dollar_script_archiveosdateRange≤1.1.7

darrens_5-dollar_script_archiveosdateMatch1.1.5

darrens_5-dollar_script_archiveosdateMatch1.1.6

CPENameOperatorVersion
darrens_5-dollar_script_archive:osdatedarrens 5-dollar script archive osdatele1.1.7
darrens_5-dollar_script_archive:osdatedarrens 5-dollar script archive osdateeq1.1.5
darrens_5-dollar_script_archive:osdatedarrens 5-dollar script archive osdateeq1.1.6

CPE	Name	Operator	Version
darrens_5-dollar_script_archive:osdate	darrens 5-dollar script archive osdate	le	1.1.7
darrens_5-dollar_script_archive:osdate	darrens 5-dollar script archive osdate	eq	1.1.5
darrens_5-dollar_script_archive:osdate	darrens 5-dollar script archive osdate	eq	1.1.6

References

archives.neohapsis.com/archives/bugtraq/2006-08/0285.html

secunia.com/advisories/21103

securitytracker.com/id?1016700

www.securityfocus.com/archive/1/440490/100/0/threaded

www.securityfocus.com/archive/1/440592/100/0/threaded

www.securityfocus.com/bid/19034

www.vupen.com/english/advisories/2006/2864

exchange.xforce.ibmcloud.com/vulnerabilities/27814

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2006-3767

cvelist1 nvd1