Vulnerability CVE-2006-1496


Published: 2006-03-29   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in an error message for the failed fopen call.

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Vihor -> Vihordesign 

 References:
http://www.securityfocus.com/bid/17226
http://www.securityfocus.com/archive/1/428737
http://www.attrition.org/pipermail/vim/2006-March/000651.html
http://www.attrition.org/pipermail/vim/2006-March/000650.html
http://xforce.iss.net/xforce/xfdb/25483
http://secunia.com/advisories/19403

Copyright 2024, cxsecurity.com

 

Back to Top