Lucene search

PRIOn knowledge basePRION:CVE-2006-1133

HistoryMar 10, 2006 - 2:02 a.m.

Cross site scripting

2006-03-1002:02:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.

CPENameOperatorVersion
vbzoomeq1.11

CPE	Name	Operator	Version
	vbzoom	eq	1.11

References

securityreason.com/securityalert/552

www.osvdb.org/23812

www.osvdb.org/23813

www.securityfocus.com/archive/1/426874/100/0/threaded

www.securityfocus.com/bid/16956

www.securityfocus.com/bid/16969

exchange.xforce.ibmcloud.com/vulnerabilities/25090

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for PRION:CVE-2006-1133

cve3