Lucene search
MitreCVE-2006-7125HistoryMar 06, 2007 - 1:19 a.m.
CVE-2006-7125
2007-03-0601:19:00
mitre
web.nvd.nist.gov
25
cve-2006-7125
cross-site scripting
xss
joomla
bsq sitestats
remote attackers
web script
html
http referer header
site statistics.
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.8
Confidence
High
EPSS
0.011
Percentile
84.4%
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
Affected configurations
Node
joomlabsq_sitestatsMatch1.8.0
ORjoomlabsq_sitestatsMatch2.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| joomla | bsq_sitestats | 1.8.0 | cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:* |
| joomla | bsq_sitestats | 2.1.1 | cpe:2.3:a:joomla:bsq_sitestats:2.1.1:*:*:*:*:*:*:* |
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.8
Confidence
High
EPSS
0.011
Percentile
84.4%
Related for CVE-2006-7125