Lucene search

[email protected]CVE-2006-6035

HistoryNov 22, 2006 - 12:07 a.m.

CVE-2006-6035

2006-11-2200:07:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-6035

cross-site scripting

xss

blog:cms

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.

Affected configurations

NVD

Node

f-art_agencyblog_cmsRange≤4.1.3

CPENameOperatorVersion
f-art_agency:blog_cmsf-art agency blog cmsle4.1.3

CPE	Name	Operator	Version
f-art_agency:blog_cms	f-art agency blog cms	le	4.1.3

References

marc.info/?l=bugtraq&m=116387287216907&w=2

secunia.com/advisories/23025

securitytracker.com/id?1017250

www.securityfocus.com/bid/21173

www.vupen.com/english/advisories/2006/4598

exchange.xforce.ibmcloud.com/vulnerabilities/30385

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2006-6035

cvelist1 nvd1