Lucene search

K
cveFlexeraCVE-2006-4577
HistoryJan 03, 2007 - 8:00 p.m.

CVE-2006-4577

2007-01-0320:00:00
flexera
web.nvd.nist.gov
27
cve
2006
4577
xss
vulnerabilities
address book
remote attackers
web script
html
javascript events
save.php
index.php
search.php
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6

Confidence

High

EPSS

0.019

Percentile

88.7%

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in © search.php.

Affected configurations

Nvd
Node
the_address_bookthe_address_bookMatch1.04e
VendorProductVersionCPE
the_address_bookthe_address_book1.04ecpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6

Confidence

High

EPSS

0.019

Percentile

88.7%

Related for CVE-2006-4577