Lucene search

MitreCVE-2006-0210

HistoryJan 14, 2006 - 1:03 a.m.

CVE-2006-0210

2006-01-1401:03:00

mitre

web.nvd.nist.gov

cve-2006-0210

cross-site scripting

xss

interspire trackpoint nx

index.php

web script injection

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.

Affected configurations

Nvd

Node

interspiretrackpoint_nx

VendorProductVersionCPE
interspiretrackpoint_nx*cpe:2.3:a:interspire:trackpoint_nx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interspire	trackpoint_nx	*	cpe:2.3:a:interspire:trackpoint_nx::::::::

References

secunia.com/advisories/18445

www.interspire.com/forum/showthread.php?p=29606

www.osvdb.org/22377

www.securityfocus.com/archive/1/421740/100/0/threaded

www.securityfocus.com/bid/16214

www.vupen.com/english/advisories/2006/0175

exchange.xforce.ibmcloud.com/vulnerabilities/24112

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for CVE-2006-0210