CVE-2006-4751

Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/21877	Vendor Advisory
http://securityreason.com/securityalert/1565
http://securitytracker.com/id?1016823	Exploit
http://www.securityfocus.com/archive/1/445727/100/0/threaded
http://www.securityfocus.com/bid/19948	Exploit
http://www.vupen.com/english/advisories/2006/3560
https://exchange.xforce.ibmcloud.com/vulnerabilities/28860

Configurations

Configuration 1 (hide)

cpe:2.3:a:laurentiu_matei:expandable_home_page_cms:0.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-13 22:07

Updated : 2024-02-04 16:52

NVD link : CVE-2006-4751

Mitre link : CVE-2006-4751

CVE.ORG link : CVE-2006-4751

JSON object : View

Products Affected

laurentiu_matei

expandable_home_page_cms

CWE

NVD-CWE-Other

{"id": "CVE-2006-4751", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-09-13T22:07:00.000", "references": [{"url": "http://secunia.com/advisories/21877", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1565", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016823", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/445727/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19948", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3560", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28860", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro errcode."}], "lastModified": "2018-10-17T21:39:25.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:laurentiu_matei:expandable_home_page_cms:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C27AB9-59F5-4027-8822-EDAB075B198B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}