Lucene search

[email protected]CVE-2006-6196

HistoryDec 01, 2006 - 12:28 a.m.

CVE-2006-6196

2006-12-0100:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6196

xss

security

vulnerability

search functionality

fixit idms pro image gallery

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

JSON

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter).

Affected configurations

NVD

Node

fixit_knowledge_solutionsidms_pro_image_gallery

CPENameOperatorVersion
fixit_knowledge_solutions:idms_pro_image_galleryfixit knowledge solutions idms pro image galleryeq*

CPE	Name	Operator	Version
fixit_knowledge_solutions:idms_pro_image_gallery	fixit knowledge solutions idms pro image gallery	eq	*

References

securityreason.com/securityalert/1941

securitytracker.com/id?1017281

www.aria-security.com/forum/showthread.php?t=39

www.securityfocus.com/archive/1/452567/100/0/threaded

www.securityfocus.com/bid/21282

exchange.xforce.ibmcloud.com/vulnerabilities/30514

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2006-6196

cvelist1 nvd1