Lucene search

[email protected]CVE-2006-5129

HistoryOct 03, 2006 - 4:03 a.m.

CVE-2006-5129

2006-10-0304:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5129

xss vulnerabilities

ph03y3nk

jaf cms 4.0 rc1

remote code injection

web script

html

shoutbox

forum post

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.

CPENameOperatorVersion
salims_softhouse:jaf_cmssalims softhouse jaf cmseq4.0

CPE	Name	Operator	Version
salims_softhouse:jaf_cms	salims softhouse jaf cms	eq	4.0

References

secunia.com/advisories/22143

securityreason.com/securityalert/1674

www.securityfocus.com/archive/1/447081/100/0/threaded

www.securityfocus.com/bid/20225

6.3 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON