Lucene search

MitreCVE-2006-6272

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6272

2006-12-0411:28:00

mitre

web.nvd.nist.gov

cve-2006-6272

xss

web script injection

html injection

simple php gallery

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

Affected configurations

Nvd

Node

paul_griffinsimple_php_galleryMatch1.1

VendorProductVersionCPE
paul_griffinsimple_php_gallery1.1cpe:2.3:a:paul_griffin:simple_php_gallery:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paul_griffin	simple_php_gallery	1.1	cpe:2.3:a:paul_griffin:simple_php_gallery:1.1:::::::*

References

securityreason.com/securityalert/1967

www.securityfocus.com/archive/1/452555/100/100/threaded

www.securityfocus.com/bid/21278

exchange.xforce.ibmcloud.com/vulnerabilities/30490

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Related for CVE-2006-6272