CVE-2006-6205

Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://s-a-p.ca/index.php?page=OurAdvisories&id=50	URL Repurposed
http://secunia.com/advisories/23016	Vendor Advisory
http://securityreason.com/securityalert/1942
http://www.securityfocus.com/archive/1/452107/100/100/threaded
http://www.securityfocus.com/bid/21193	Exploit
http://www.vupen.com/english/advisories/2006/4643
https://exchange.xforce.ibmcloud.com/vulnerabilities/30420

Configurations

Configuration 1 (hide)

cpe:2.3:a:enthrallweb:ehomes:*:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://s-a-p.ca/index.php?page=OurAdvisories&id=50 -~~	() http://s-a-p.ca/index.php?page=OurAdvisories&id=50 - URL Repurposed

Information

Published : 2006-12-01 01:28

Updated : 2024-02-14 01:17

NVD link : CVE-2006-6205

Mitre link : CVE-2006-6205

CVE.ORG link : CVE-2006-6205

JSON object : View

Products Affected

enthrallweb

ehomes

CWE

NVD-CWE-Other

{"id": "CVE-2006-6205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-01T01:28:00.000", "references": [{"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=50", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23016", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1942", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21193", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4643", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30420", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en result.asp en Enthrallweb eHomes permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el par\u00e1metro (1) city o (2) State."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:enthrallweb:ehomes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE68D99C-6C7C-4ABD-A1BF-C93E76E0DAAD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}