Lucene search

[email protected]CVE-2006-1413

HistoryMar 28, 2006 - 8:02 p.m.

CVE-2006-1413

2006-03-2820:02:00

[email protected]

web.nvd.nist.gov

ezhomepagepro

xss

cve-2006-1413

security

vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or © users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.

Affected configurations

NVD

Node

htmljunctionezhomepageproRange≤1.5

CPENameOperatorVersion
htmljunction:ezhomepageprohtmljunction ezhomepageprole1.5

CPE	Name	Operator	Version
htmljunction:ezhomepagepro	htmljunction ezhomepagepro	le	1.5

References

pridels0.blogspot.com/2006/03/ezhomepagepro-multiple-xss-vuln.html

secunia.com/advisories/19386

www.osvdb.org/24132

www.osvdb.org/24133

www.osvdb.org/24134

www.osvdb.org/24135

www.osvdb.org/24136

www.securityfocus.com/bid/17236

www.vupen.com/english/advisories/2006/1094

exchange.xforce.ibmcloud.com/vulnerabilities/25468

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2006-1413

cvelist1 nvd1 prion1