Lucene search

MitreCVE-2006-6459

HistoryDec 11, 2006 - 5:28 p.m.

CVE-2006-6459

2006-12-1117:28:00

mitre

web.nvd.nist.gov

cve-2006-6459

cross-site scripting

xss

vulnerability

toplist.php

phpbb toplist 1.3.7

remote attackers

arbitrary html

web script

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action).

Affected configurations

Nvd

Node

phpbbtoplistMatch1.3.7

VendorProductVersionCPE
phpbbtoplist1.3.7cpe:2.3:a:phpbb:toplist:1.3.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpbb	toplist	1.3.7	cpe:2.3:a:phpbb:toplist:1.3.7:::::::*

References

securityreason.com/securityalert/2015

www.securityfocus.com/archive/1/453923/100/0/threaded

www.securityfocus.com/bid/21506

exchange.xforce.ibmcloud.com/vulnerabilities/30808

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

Related for CVE-2006-6459