Vulnerability CVE-2006-0507


Published: 2006-02-01   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Easy cms -> Easy cms 

 References:
http://www.securityfocus.com/archive/1/423442/100/0/threaded
http://www.securityfocus.com/archive/1/423563/100/0/threaded
http://www.securityfocus.com/archive/1/424431/100/0/threaded
http://www.securityfocus.com/bid/16430
http://www.vupen.com/english/advisories/2006/0385
https://exchange.xforce.ibmcloud.com/vulnerabilities/24371

Copyright 2024, cxsecurity.com

 

Back to Top