Lucene search

[email protected]CVE-2006-4162

HistoryAug 16, 2006 - 10:04 p.m.

CVE-2006-4162

2006-08-1622:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4162

cross-site scripting

xss

dragonfly cms

remote attackers

web script

html

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.

Affected configurations

NVD

Node

cpg-nukedragonfly_cmsMatch9.0.1.1

cpg-nukedragonfly_cmsMatch9.0.2.0

cpg-nukedragonfly_cmsMatch9.0.3.0

cpg-nukedragonfly_cmsMatch9.0.4.0

cpg-nukedragonfly_cmsMatch9.0.5.0

cpg-nukedragonfly_cmsMatch9.0.6.0

cpg-nukedragonfly_cmsMatch9.0.6.1

CPENameOperatorVersion
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.1.1
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.2.0
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.3.0
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.4.0
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.5.0
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.6.0
cpg-nuke:dragonfly_cmscpg-nuke dragonfly cmseq9.0.6.1

CPE	Name	Operator	Version
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.1.1
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.2.0
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.3.0
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.4.0
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.5.0
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.6.0
cpg-nuke:dragonfly_cms	cpg-nuke dragonfly cms	eq	9.0.6.1

References

securityreason.com/securityalert/1394

www.securityfocus.com/archive/1/442885/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/28333

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2006-4162

nvd1 cvelist1