Lucene search

[email protected]CVE-2006-6978

HistoryFeb 08, 2007 - 5:28 p.m.

CVE-2006-6978

2007-02-0817:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2006

6978

xss

vulnerability

fckeditor

remote attackers

javascript

uri

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.6%

JSON

Cross-site scripting (XSS) vulnerability in the “Basic Toolbar Selection” in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.

CPENameOperatorVersion
fckeditor:fckeditorfckeditoreq*

CPE	Name	Operator	Version
fckeditor:fckeditor	fckeditor	eq	*

References

www.newffr.com/viewtopic.php?forum=26&topic=11683

www.securityfocus.com/archive/1/434006/30/4980/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26539

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for CVE-2006-6978

securityvulns1