Lucene search

[email protected]NVD:CVE-2006-6808

HistoryDec 28, 2006 - 9:28 p.m.

CVE-2006-6808

2006-12-2821:28:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.6

Confidence

High

EPSS

0.033

Percentile

91.3%

JSON

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.

Affected configurations

Nvd

Node

wordpresswordpressRange≤2.0.5

wordpresswordpressMatch0.6.2beta_2

wordpresswordpressMatch0.6.2.1beta_2

wordpresswordpressMatch0.7

wordpresswordpressMatch0.71

wordpresswordpressMatch1.2

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.5

wordpresswordpressMatch1.5.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.3

wordpresswordpressMatch2.0.4

References

marc.info/?l=full-disclosure&m=116722128631087&w=2

michaeldaw.org/

secunia.com/advisories/23587

secunia.com/advisories/23741

security.gentoo.org/glsa/glsa-200701-10.xml

trac.wordpress.org/changeset/4665

www.securityfocus.com/bid/21782

www.vupen.com/english/advisories/2006/5191

exchange.xforce.ibmcloud.com/vulnerabilities/31133

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.6

Confidence

High

EPSS

0.033

Percentile

91.3%

JSON

Related for NVD:CVE-2006-6808

debiancve1 patchstack1 cvelist1 ubuntucve1 cve1 openvas2 gentoo1 nessus1