Lucene search

[email protected]CVE-2006-3841

HistoryJul 25, 2006 - 11:04 p.m.

CVE-2006-3841

2006-07-2523:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3841

cross-site scripting

xss

webscarab

url injection

security vulnerability

6.2 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.

CPENameOperatorVersion
owasp:webscarabowasp webscarabeq2006-06-21

CPE	Name	Operator	Version
owasp:webscarab	owasp webscarab	eq	2006-06-21

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/047995.html

moritz-naumann.com/adv/0012/webscarabxss/0012.txt

secunia.com/advisories/21114

securityreason.com/securityalert/1276

www.securityfocus.com/archive/1/440441/100/0/threaded

www.securityfocus.com/bid/19063

www.vupen.com/english/advisories/2006/2878

exchange.xforce.ibmcloud.com/vulnerabilities/27797

6.2 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON