Lucene search

[email protected]CVE-2006-4376

HistoryAug 26, 2006 - 9:04 p.m.

CVE-2006-4376

2006-08-2621:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4376

cross-site scripting

xss

guder und koch

netzwerktechnik

eichhorn portal

security vulnerabilities

6.4 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.

CPENameOperatorVersion
guder_und_koch_netzwerktechnik:eichhorn_portalguder und koch netzwerktechnik eichhorn portaleq*

CPE	Name	Operator	Version
guder_und_koch_netzwerktechnik:eichhorn_portal	guder und koch netzwerktechnik eichhorn portal	eq	*

References

securityreason.com/securityalert/1458

www.securityfocus.com/archive/1/444065/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/28533

6.4 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON