Lucene search

[email protected]CVE-2006-7149

HistoryMar 07, 2007 - 8:19 p.m.

CVE-2006-7149

2007-03-0720:19:00

[email protected]

web.nvd.nist.gov

cve-2006-7149

cross-site scripting

xss

mambo 4.6.x

web security

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and © com_comment.php.

Affected configurations

NVD

Node

mambomamboMatch4.6rc1

mambomamboMatch4.6rc2

mambomamboMatch4.6.1

CPENameOperatorVersion
mambo:mambomamboeq4.6
mambo:mambomamboeq4.6.1

CPE	Name	Operator	Version
mambo:mambo	mambo	eq	4.6
mambo:mambo	mambo	eq	4.6.1

References

securityreason.com/securityalert/2379

www.kapda.ir/advisory-444.html

www.securityfocus.com/archive/1/449305/100/0/threaded

www.securityfocus.com/bid/20650

exchange.xforce.ibmcloud.com/vulnerabilities/29708

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2006-7149

nvd1 cvelist1 openvas2