Lucene search

[email protected]CVE-2006-6925

HistoryJan 13, 2007 - 2:28 a.m.

CVE-2006-6925

2007-01-1302:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

xss

bitweaver

remote attack

web script

html

vulnerability

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

CPENameOperatorVersion
bitweaver:bitweaverbitweavereq1.3
bitweaver:bitweaverbitweavereq1.2.1
bitweaver:bitweaverbitweavereq1.1
bitweaver:bitweaverbitweavereq1.3.1
bitweaver:bitweaverbitweavereq1.1.1_beta

CPE	Name	Operator	Version
bitweaver:bitweaver	bitweaver	eq	1.3
bitweaver:bitweaver	bitweaver	eq	1.2.1
bitweaver:bitweaver	bitweaver	eq	1.1
bitweaver:bitweaver	bitweaver	eq	1.3.1
bitweaver:bitweaver	bitweaver	eq	1.1.1_beta

References

archives.neohapsis.com/archives/bugtraq/2006-11/0142.html

secunia.com/advisories/22793

securityreason.com/securityalert/2144

www.securityfocus.com/bid/20988

www.securityfocus.com/bid/20996

www.vupen.com/english/advisories/2006/4485

exchange.xforce.ibmcloud.com/vulnerabilities/30167

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON