Lucene search

[email protected]NVD:CVE-2006-1406

HistoryMar 28, 2006 - 11:06 a.m.

CVE-2006-1406

2006-03-2811:06:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.

Affected configurations

Nvd

Node

uniforumuniforumRange≤4

VendorProductVersionCPE
uniforumuniforum*cpe:2.3:a:uniforum:uniforum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uniforum	uniforum	*	cpe:2.3:a:uniforum:uniforum::::::::

References

pridels0.blogspot.com/2006/03/uniforum-xss-vuln.html

secunia.com/advisories/19397

www.osvdb.org/24123

www.securityfocus.com/bid/17245

www.vupen.com/english/advisories/2006/1101

exchange.xforce.ibmcloud.com/vulnerabilities/25433

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for NVD:CVE-2006-1406

cvelist1 prion1 cve1