Lucene search

K

[email protected]NVD:CVE-2006-2833

HistoryJun 06, 2006 - 12:02 a.m.

CVE-2006-2833

2006-06-0600:02:00

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

Affected configurations

NVD

Node

drupaldrupalMatch4.6.8

OR

drupaldrupalMatch4.7.2

References

drupal.org/files/sa-2006-008/4.6.7.patch

drupal.org/node/66767

secunia.com/advisories/20412

secunia.com/advisories/21244

securityreason.com/securityalert/1041

www.debian.org/security/2006/dsa-1125

www.securityfocus.com/archive/1/435793/100/0/threaded

www.securityfocus.com/bid/18245

www.vupen.com/english/advisories/2006/2112

exchange.xforce.ibmcloud.com/vulnerabilities/26893

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

Related for NVD:CVE-2006-2833

cve1 prion1 freebsd1 openvas6 nessus2 cvelist1 ubuntucve1 debian2 osv1