Lucene search

PRIOn knowledge basePRION:CVE-2006-2672

HistoryMay 30, 2006 - 9:02 p.m.

Cross site scripting

2006-05-3021:02:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or © request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.

References

secunia.com/advisories/20286

securityreason.com/securityalert/988

www.osvdb.org/25772

www.osvdb.org/25773

www.osvdb.org/25774

www.osvdb.org/25775

www.securityfocus.com/archive/1/435012/100/0/threaded

www.vupen.com/english/advisories/2006/1985

exchange.xforce.ibmcloud.com/vulnerabilities/26677

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for PRION:CVE-2006-2672

cve1