Lucene search

[email protected]CVE-2006-6988

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6988

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6988

information security

cross-domain vulnerability

slim browser 4.07

remote attackers

object tag

data parameter

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

flashpeakslim_browserMatch4.07_build_100

CPENameOperatorVersion
flashpeak:slim_browserflashpeak slim browsereq4.07_build_100

CPE	Name	Operator	Version
flashpeak:slim_browser	flashpeak slim browser	eq	4.07_build_100

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6988

cvelist11 nvd11 cert1 checkpoint_advisories1 cve10 securityvulns2 nessus1