Lucene search

[email protected]CVE-2006-5168

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5168

2006-10-1004:06:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-5168

cross-site scripting

xss vulnerability

simon brown pebble

remote attackers

arbitrary web script

html

query string

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string.

Affected configurations

NVD

Node

simon_brownpebbleMatch2.0.0rc1

simon_brownpebbleMatch2.0.0rc2

CPENameOperatorVersion
simon_brown:pebblesimon brown pebbleeq2.0.0

CPE	Name	Operator	Version
simon_brown:pebble	simon brown pebble	eq	2.0.0

References

securityreason.com/securityalert/1689

svn.sourceforge.net/viewvc/pebble/trunk/src/net/sourceforge/pebble/search/SearchResults.java?r1=136&r2=206

www.securityfocus.com/archive/1/447503/100/0/threaded

www.securityfocus.com/bid/20298

exchange.xforce.ibmcloud.com/vulnerabilities/29312

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2006-5168

cvelist1 nvd1