| |
Vulnerability CVE-2006-3063
Published: 2006-06-19 Modified: 2012-02-12
| Description: |
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php. |
CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
2.6/10 |
2.9/10 |
4.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
High |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://www.vupen.com/english/advisories/2006/2480
http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e
http://xforce.iss.net/xforce/xfdb/27293
http://www.securityfocus.com/bid/18582
http://secunia.com/advisories/20764
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
