CVE-2006-3060

{"id": "CVE-2006-3060", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-19T10:02:00.000", "references": [{"url": "http://secunia.com/advisories/20601", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1108", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/436650/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2304", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27157", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20601", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1108", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/436650/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2304", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27157", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the \"My Account\" login page."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en P.A.I.D v2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s (1) par\u00e1metro \"read\" en index.php, (2) par\u00e1metro \"farea\" en faq.php, y (3) campos de entrada no especificados la p\u00e1gina de acceso \"My account\"."}], "lastModified": "2024-11-21T00:12:43.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webexceluk:p.a.i.d:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5FD2DF-7DF1-41B5-AF8A-91C573B5429E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}