CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
93.1%
Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Vendor | Product | Version | CPE |
---|---|---|---|
virtech | netquery | e107_edition | cpe:2.3:a:virtech:netquery:e107_edition:*:*:*:*:*:*:* |
virtech | netquery | postnuke_edition | cpe:2.3:a:virtech:netquery:postnuke_edition:*:*:*:*:*:*:* |
virtech | netquery | xaraya_edition | cpe:2.3:a:virtech:netquery:xaraya_edition:*:*:*:*:*:*:* |
virtech | netquery | xoops_edition | cpe:2.3:a:virtech:netquery:xoops_edition:*:*:*:*:*:*:* |
lists.grok.org.uk/pipermail/full-disclosure/2006-October/050462.html
secunia.com/advisories/22864
securityreason.com/securityalert/1807
securitytracker.com/id?1017147
virtech.org/tools/
www.securityfocus.com/archive/1/450270/100/0/threaded
www.securityfocus.com/archive/1/451350/100/100/threaded
www.securityfocus.com/bid/20837
www.vupen.com/english/advisories/2006/4512
www.zion-security.com/text/XSS_Vulnerability_VIRtechs_Netquery.txt
exchange.xforce.ibmcloud.com/vulnerabilities/29927