Lucene search

[email protected]CVE-2006-4157

HistoryAug 16, 2006 - 10:04 p.m.

CVE-2006-4157

2006-08-1622:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4157

xss

web script

html

remote attackers

yabb

bulletin board

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.

CPENameOperatorVersion
yabb:yabbyabbeq1.5.5
yabb:yabbyabbeq1.5.5b
yabb:yabbyabbeq1.5.2
yabb:yabbyabbeq1.5.1
yabb:yabbyabbeq1.5.4

CPE	Name	Operator	Version
yabb:yabb	yabb	eq	1.5.5
yabb:yabb	yabb	eq	1.5.5b
yabb:yabb	yabb	eq	1.5.2
yabb:yabb	yabb	eq	1.5.1
yabb:yabb	yabb	eq	1.5.4

References

securitytracker.com/id?1016684

www.securityfocus.com/archive/1/442817/100/0/threaded

www.securityfocus.com/bid/19460

exchange.xforce.ibmcloud.com/vulnerabilities/28324

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2006-4157

cvelist1