Lucene search

MitreCVE-2006-1121

HistoryMar 09, 2006 - 9:02 p.m.

CVE-2006-1121

2006-03-0921:02:00

mitre

web.nvd.nist.gov

cve-2006-1121

cross-site scripting

xss

vulnerability

cutenews 1.4.1

remote attackers

web script

html

index.php

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.028

Percentile

90.7%

JSON

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.

Affected configurations

Nvd

Node

cutephpcutenewsMatch1.4.1

VendorProductVersionCPE
cutephpcutenews1.4.1cpe:2.3:a:cutephp:cutenews:1.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cutephp	cutenews	1.4.1	cpe:2.3:a:cutephp:cutenews:1.4.1:::::::*

References

kapda.ir/advisory-277.html

securityreason.com/securityalert/531

securitytracker.com/id?1015726

www.securityfocus.com/archive/1/426759/100/0/threaded

www.securityfocus.com/bid/16961

exchange.xforce.ibmcloud.com/vulnerabilities/25052

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.7

Confidence

High

EPSS

0.028

Percentile

90.7%

JSON

Related for CVE-2006-1121