Lucene search

[email protected]CVE-2006-6487

HistoryJan 16, 2007 - 7:28 p.m.

CVE-2006-6487

2007-01-1619:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6487

xss

dt guestbook

security vulnerability

web script injection

5.8 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.

CPENameOperatorVersion
dt_guestbook:dt_guestbookdt guestbookeq1.0f

CPE	Name	Operator	Version
dt_guestbook:dt_guestbook	dt guestbook	eq	1.0f

References

secunia.com/advisories/23778

www.netvigilance.com/advisory0010

www.osvdb.org/30787

www.securityfocus.com/archive/1/457059/100/0/threaded

www.securityfocus.com/bid/22078

www.vupen.com/english/advisories/2007/0205

exchange.xforce.ibmcloud.com/vulnerabilities/31518

5.8 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2006-6487

securityvulns2 packetstorm1