Lucene search

[email protected]CVE-2006-4825

HistorySep 15, 2006 - 10:07 p.m.

CVE-2006-4825

2006-09-1522:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4825

cross-site scripting

xss

softcomplex php event calendar

security vulnerability

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.

Affected configurations

NVD

Node

softcomplexphp_event_calendarRange≤1.5.1

CPENameOperatorVersion
softcomplex:php_event_calendarsoftcomplex php event calendarle1.5.1

CPE	Name	Operator	Version
softcomplex:php_event_calendar	softcomplex php event calendar	le	1.5.1

References

secunia.com/advisories/21895

securityreason.com/securityalert/1582

www.securityfocus.com/archive/1/445879/100/0/threaded

www.securityfocus.com/bid/20001

exchange.xforce.ibmcloud.com/vulnerabilities/28906

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2006-4825

nvd1 cvelist1