CVE-2006-4543

{"id": "CVE-2006-4543", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-09-06T00:04:00.000", "references": [{"url": "http://secunia.com/advisories/21635", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1490", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/444716/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19771", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21635", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1490", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/444716/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/19771", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en HLStats 1.34 permite a un atacante remoto inyectar secuencias de comandos web o HTML a tra\u00b4ves del par\u00e1metro (1) game en modo juego, (2)el par\u00e1metro st en modo b\u00fasqueda, el par\u00e1metro (3) action en el modo actioninfo, y el par\u00e1metro (5) map en modo mapinfo."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hlstats:hlstats:1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7998CDD1-22DA-4591-8516-8E221CD6B9A1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}