Lucene search

[email protected]NVD:CVE-2006-2048

HistoryApr 26, 2006 - 8:06 p.m.

CVE-2006-2048

2006-04-2620:06:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2.

Affected configurations

Nvd

Node

phpwebftpphpwebftpMatch2.3

VendorProductVersionCPE
phpwebftpphpwebftp2.3cpe:2.3:a:phpwebftp:phpwebftp:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpwebftp	phpwebftp	2.3	cpe:2.3:a:phpwebftp:phpwebftp:2.3:::::::*

References

secunia.com/advisories/19827

securityreason.com/securityalert/786

www.osvdb.org/24975

www.securityfocus.com/archive/1/431985/100/0/threaded

www.securityfocus.com/bid/17688

www.subjectzero.net/research/phpwebftpxss.htm

www.vupen.com/english/advisories/2006/1530

exchange.xforce.ibmcloud.com/vulnerabilities/26067

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for NVD:CVE-2006-2048

exploitdb1 prion1 cvelist1 cve1