Lucene search

MitreCVE-2006-1916

HistoryApr 20, 2006 - 6:06 p.m.

CVE-2006-1916

2006-04-2018:06:00

mitre

web.nvd.nist.gov

cve-2006-1916

cross-site scripting

xss

dbbs

security vulnerabilities

web script injection

html injection

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.

Affected configurations

Nvd

Node

dbbsdbbsRange≤2.0-alpha

dbbsdbbsMatch2.0

VendorProductVersionCPE
dbbsdbbs*cpe:2.3:a:dbbs:dbbs:*:*:*:*:*:*:*:*
dbbsdbbs2.0cpe:2.3:a:dbbs:dbbs:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dbbs	dbbs	*	cpe:2.3:a:dbbs:dbbs::::::::
dbbs	dbbs	2.0	cpe:2.3:a:dbbs:dbbs:2.0:::::::*

References

securityreason.com/securityalert/771

www.securityfocus.com/archive/1/431117

www.securityfocus.com/bid/17559

exchange.xforce.ibmcloud.com/vulnerabilities/25923

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Related for CVE-2006-1916