Lucene search

[email protected]CVE-2006-6401

HistoryDec 10, 2006 - 2:28 a.m.

CVE-2006-6401

2006-12-1002:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2006

6401

xss

vulnerabilities

mystats

web script

html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter.

Affected configurations

NVD

Node

mystatsmystatsRange≤1.0.8

CPENameOperatorVersion
mystats:mystatsmystatsle1.0.8

CPE	Name	Operator	Version
mystats:mystats	mystats	le	1.0.8

References

marc.info/?l=bugtraq&m=116344068502988&w=2

secunia.com/advisories/22813

securitytracker.com/id?1017210

www.osvdb.org/30319

www.vupen.com/english/advisories/2006/4468

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2006-6401

nvd1 cvelist1