Lucene search

PRIOn knowledge basePRION:CVE-2006-2533

HistoryMay 22, 2006 - 11:10 p.m.

Cross site scripting

2006-05-2223:10:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.

CPENameOperatorVersion
destiney_rated_images_scripteq0.5.0

CPE	Name	Operator	Version
	destiney_rated_images_script	eq	0.5.0

References

secunia.com/advisories/20249

securityreason.com/securityalert/940

www.securityfocus.com/archive/1/434691/100/0/threaded

www.securityfocus.com/archive/1/435093/100/0/threaded

www.securityfocus.com/bid/18070

www.vupen.com/english/advisories/2006/1927

exchange.xforce.ibmcloud.com/vulnerabilities/26605

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for PRION:CVE-2006-2533

cve1