Lucene search
MitreCVE-2006-0198HistoryJan 13, 2006 - 11:03 p.m.
CVE-2006-0198
2006-01-1323:03:00
mitre
web.nvd.nist.gov
24
cve-2006-0198
cross-site scripting
xss
xoops
module
vulnerability
web script
html
src attribute
img element
comment
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.004
Percentile
72.0%
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
Affected configurations
Node
xoopsxoops_pool_module
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xoops | xoops_pool_module | * | cpe:2.3:a:xoops:xoops_pool_module:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2006-0198
2006-01-13 23:00:00
nvd
nvd
CVE-2006-0198
2006-01-13 23:03:00
prion
prion
Cross site scripting
2006-01-13 23:03:00
exploitdb
exploitdb
Xoops Pool Module - IMG Tag HTML Injection
2006-01-09 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.004
Percentile
72.0%
Related for CVE-2006-0198