6.2 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.033 Low
EPSS
Percentile
91.0%
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[“PHP_SELF”] variable.
CPE | Name | Operator | Version |
---|---|---|---|
boastmachine | le | 3.1 | |
boastmachine | eq | 3.0 platinum | |
boastmachine | eq | 2.8 | |
boastmachine | eq | 2.7 | |
boastmachine | eq | 2.9.98 | |
boastmachine | eq | 2.5 |
secunia.com/advisories/20149
securityreason.com/securityalert/725
securityreason.com/securityalert/927
www.osvdb.org/25617
www.osvdb.org/25618
www.securityfocus.com/archive/1/434294/100/0/threaded
www.securityfocus.com/bid/18012
www.vupen.com/english/advisories/2006/1853
exchange.xforce.ibmcloud.com/vulnerabilities/26518