CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2006/06/07 10:2 a.m.•8 views

CVE-2006-2893

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...

5CVSS6.6AI score0.00622EPSS

Prion•added 2006/06/07 10:2 a.m.•8 views

Deserialization of untrusted data

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...

5CVSS7.4AI score0.00622EPSS

NVD•added 2006/06/07 10:2 a.m.•15 views

CVE-2006-2892

Cross-site scripting XSS vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action...

4.3CVSS5.8AI score0.06991EPSS

Prion•added 2006/06/07 10:2 a.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action...

4.3CVSS6.3AI score0.06991EPSS

Cvelist•added 2006/06/07 10:0 a.m.•20 views

CVE-2006-2893

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...

6.6AI score0.00622EPSS

CVE•added 2006/06/07 10:0 a.m.•46 views

CVE-2006-2892

CVE-2006-2892 is an XSS vulnerability in GANTTy 1.0.3, where the index.php login action accepts a message parameter that can be exploited to inject arbitrary HTML/JavaScript. The entry lists a CVSS v2 base score of 4.3 (Medium) with network attack vector, no confidentiality/availability impact, p...

4.3CVSS5.8AI score0.06991EPSS

CVE•added 2006/06/07 10:0 a.m.•45 views

CVE-2006-2893

CVE-2006-2893 affects GANTTy 1.0.3. The vulnerability occurs via an invalid lang parameter in an authenticate action, allowing remote attackers to obtain the full path of the web server. This is a path disclosure issue limited to the affected module/function and is documented across multiple sour...

5CVSS6.6AI score0.00622EPSS

Cvelist•added 2006/06/07 10:0 a.m.•15 views

CVE-2006-2892

Cross-site scripting XSS vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action...

5.8AI score0.06991EPSS

securityvulns•added 2006/06/07 12:0 a.m.•27 views

GANTTy v1.0.3

GANTTy v1.0.3 Homepage: http://www.gantty.com Effected files: index.php XSS Vulnerabilities PoC: XSS Vulnerability: http://www.example.com/index.php?action=login&message=IMG SRC=javascript:alert'XSS'+email&lang= Full path disclosure error: http://www.example.com/index.php?action=authenticate&lang...

Exploit DB•added 2006/06/06 12:0 a.m.•16 views

GANTTy 1.0.3 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/18296/info GANTTy is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

7AI score

exploitpack•added 2006/06/06 12:0 a.m.•12 views

GANTTy 1.0.3 - index.php Cross-Site Scripting

GANTTy 1.0.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18296/info GANTTy is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8AI score