Lucene search

[email protected]CVE-2006-6037

HistoryNov 22, 2006 - 12:07 a.m.

CVE-2006-6037

2006-11-2200:07:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-6037

cross-site scripting

xss

index.php

dan jensen travelsized cms

web script injection

html injection

security vulnerability

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.

Affected configurations

NVD

Node

leinirtravelsized_cmsRange≤0.4.1

CPENameOperatorVersion
leinir:travelsized_cmsleinir travelsized cmsle0.4.1

CPE	Name	Operator	Version
leinir:travelsized_cms	leinir travelsized cms	le	0.4.1

References

marc.info/?l=bugtraq&m=116387632908248&w=2

secunia.com/advisories/23021

securitytracker.com/id?1017251

www.majorsecurity.de/index_2.php?major_rls=major_rls35

www.securityfocus.com/archive/1/452007/100/200/threaded

www.securityfocus.com/bid/21169

www.vupen.com/english/advisories/2006/4609

exchange.xforce.ibmcloud.com/vulnerabilities/30392

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2006-6037

nvd1 cvelist1