| |
Vulnerability CVE-2006-6518
Published: 2006-12-13 Modified: 2012-02-12
| Description: |
Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Mr_Kaliman | 14.12.2006 |
Type:
CWE-Other
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.4/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://securityreason.com/securityalert/2025
http://www.securityfocus.com/archive/1/453964/100/0/threaded
http://www.securityfocus.com/bid/21516
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
