Lucene search

[email protected]CVE-2006-4528

HistorySep 01, 2006 - 11:04 p.m.

CVE-2006-4528

2006-09-0123:04:00

[email protected]

web.nvd.nist.gov

cve

xss

vulnerabilities

membrepass 1.5

web script

html

recherche parameter

email parameter

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.

Affected configurations

NVD

Node

membrepassmembrepassMatch1.5

CPENameOperatorVersion
membrepass:membrepassmembrepasseq1.5

CPE	Name	Operator	Version
membrepass:membrepass	membrepass	eq	1.5

References

acid-root.new.fr/advisories/09290806.txt

secunia.com/advisories/21715

securityreason.com/securityalert/1487

www.securityfocus.com/archive/1/444845/100/0/threaded

www.securityfocus.com/bid/19789

www.vupen.com/english/advisories/2006/3427

exchange.xforce.ibmcloud.com/vulnerabilities/28691

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for CVE-2006-4528

nvd1 cvelist1