Lucene search

[email protected]CVE-2006-4796

HistorySep 14, 2006 - 9:07 p.m.

CVE-2006-4796

2006-09-1421:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4796

cross-site scripting

xss

snitz forums 2000

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

CPENameOperatorVersion
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.4.06

CPE	Name	Operator	Version
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.4.06

References

forum.snitz.com/forum/topic.asp?TOPIC_ID=62773

secunia.com/advisories/21946

securityreason.com/securityalert/1578

www.osvdb.org/28832

www.securityfocus.com/archive/1/445902/100/0/threaded

www.securityfocus.com/archive/1/446043/100/0/threaded

www.securityfocus.com/bid/20004

www.vupen.com/english/advisories/2006/3632

exchange.xforce.ibmcloud.com/vulnerabilities/28921

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2006-4796

cvelist1