Lucene search

[email protected]CVE-2006-0627

HistoryFeb 09, 2006 - 7:06 p.m.

CVE-2006-0627

2006-02-0919:06:00

[email protected]

web.nvd.nist.gov

cve-2006-0627

cross-site scripting

xss

clever copy 2.0

vulnerability

web script

html

http request

administrator

site stats

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

JSON

Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats.

Affected configurations

NVD

Node

clever_copyclever_copyMatch2.0

clever_copyclever_copyMatch2.0a

clever_copyclever_copyMatch23.0

CPENameOperatorVersion
clever_copy:clever_copyclever copyeq2.0
clever_copy:clever_copyclever copyeq2.0a
clever_copy:clever_copyclever copyeq23.0

CPE	Name	Operator	Version
clever_copy:clever_copy	clever copy	eq	2.0
clever_copy:clever_copy	clever copy	eq	2.0a
clever_copy:clever_copy	clever copy	eq	23.0

References

secunia.com/advisories/18790

www.evuln.com/vulns/64/summary.html

www.securityfocus.com/archive/1/424831/100/0/threaded

www.securityfocus.com/bid/16607

www.vupen.com/english/advisories/2006/0495

exchange.xforce.ibmcloud.com/vulnerabilities/24524

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2006-0627

securityvulns1 cvelist1 packetstorm1 prion1 nvd1