Lucene search

MitreCVE-2006-0934

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0934

2006-02-2811:02:00

mitre

web.nvd.nist.gov

cve-2006-0934

cross-site scripting

xss vulnerability

webinsta limbo 1.0.4.2

contact form

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.

Affected configurations

Nvd

Node

limbo_cmslimbo_cmsMatch1.0.4.2

VendorProductVersionCPE
limbo_cmslimbo_cms1.0.4.2cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
limbo_cms	limbo_cms	1.0.4.2	cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:::::::*

References

osvdb.org/ref/23/23469-limbo.txt

secunia.com/advisories/18723

www.osvdb.org/23469

www.securityfocus.com/bid/16811

www.vupen.com/english/advisories/2006/0721

exchange.xforce.ibmcloud.com/vulnerabilities/24877

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2006-0934