Lucene search

[email protected]CVE-2006-4760

HistorySep 13, 2006 - 11:07 p.m.

CVE-2006-4760

2006-09-1323:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4760

cross-site scripting

xss

rssowl

security vulnerabilities

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.

CPENameOperatorVersion
benjamin_pasero_and_tobias_eichert:rssowlbenjamin pasero and tobias eichert rssowleq*

CPE	Name	Operator	Version
benjamin_pasero_and_tobias_eichert:rssowl	benjamin pasero and tobias eichert rssowl	eq	*

References

downloads.sourceforge.net/project/rssowl/rssowl%20classic%201.0%20%28do%20not%20use%29/1.2.3/rssowl_1_2_3_src.zip

secunia.com/advisories/21958

www.cgisecurity.com/papers/RSS-Security.ppt

www.securityfocus.com/bid/20110

www.vupen.com/english/advisories/2006/3685

exchange.xforce.ibmcloud.com/vulnerabilities/29049

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for CVE-2006-4760

prion1 cve1