Lucene search

[email protected]NVD:CVE-2006-2325

HistoryMay 12, 2006 - 12:02 a.m.

CVE-2006-2325

2006-05-1200:02:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.6

Confidence

High

EPSS

0.008

Percentile

81.6%

JSON

Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Also, this issue might be resultant from directory traversal.

Affected configurations

Nvd

Node

onlyscript.infoonline_universal_payment_system_script

VendorProductVersionCPE
onlyscript.infoonline_universal_payment_system_script*cpe:2.3:a:onlyscript.info:online_universal_payment_system_script:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
onlyscript.info	online_universal_payment_system_script	*	cpe:2.3:a:onlyscript.info:online_universal_payment_system_script::::::::

References

secunia.com/advisories/20005

www.osvdb.org/25452

www.securityfocus.com/bid/17889

www.vupen.com/english/advisories/2006/1704

exchange.xforce.ibmcloud.com/vulnerabilities/26342

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.6

Confidence

High

EPSS

0.008

Percentile

81.6%

JSON

Related for NVD:CVE-2006-2325

cve1 cvelist1 prion1