Lucene search

MitreCVE-2006-1801

HistoryApr 18, 2006 - 10:02 a.m.

CVE-2006-1801

2006-04-1810:02:00

mitre

web.nvd.nist.gov

cve-2006-1801

cross-site scripting

xss

planetsearch+

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.

Affected configurations

Nvd

Node

planet_conceptplanetsearch\+Range≤2005-10-26

VendorProductVersionCPE
planet_conceptplanetsearch\+*cpe:2.3:a:planet_concept:planetsearch\+:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
planet_concept	planetsearch\+	*	cpe:2.3:a:planet_concept:planetsearch\+::::::::

References

d4igoro.blogspot.com/2006/04/planetsearch-xss-vulnerabilities.html

secunia.com/advisories/19681

www.securityfocus.com/archive/1/431033/100/0/threaded

www.securityfocus.com/bid/17527

www.vupen.com/english/advisories/2006/1368

exchange.xforce.ibmcloud.com/vulnerabilities/25832

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Related for CVE-2006-1801