Lucene search

[email protected]CVE-2006-4710

HistorySep 12, 2006 - 4:07 p.m.

CVE-2006-4710

2006-09-1216:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4710

newsgator feeddemon

xss

vulnerabilities

atom 1.0 feed

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.

Affected configurations

NVD

Node

newsgatorfeeddemonRange≤2.0.0.24

CPENameOperatorVersion
newsgator:feeddemonnewsgator feeddemonle2.0.0.24

CPE	Name	Operator	Version
newsgator:feeddemon	newsgator feeddemon	le	2.0.0.24

References

nick.typepad.com/blog/2006/08/ann_feeddemon_2.html

nick.typepad.com/blog/2006/08/feed_security_a_1.html

secunia.com/advisories/21995

www.cgisecurity.com/papers/RSS-Security.ppt

www.securityfocus.com/bid/20114

www.snellspace.com/wp/?p=426

www.snellspace.com/wp/?p=448

www.vupen.com/english/advisories/2006/3686

exchange.xforce.ibmcloud.com/vulnerabilities/29047

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2006-4710

nessus1 nvd1 cvelist1