Lucene search

MitreCVE-2006-2140

HistoryMay 02, 2006 - 10:02 a.m.

CVE-2006-2140

2006-05-0210:02:00

mitre

web.nvd.nist.gov

cve-2006-2140

xss

web script injection

orbithyip 2.0

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.

Affected configurations

Nvd

Node

orbitscriptsorbithyipMatch2.0

VendorProductVersionCPE
orbitscriptsorbithyip2.0cpe:2.3:a:orbitscripts:orbithyip:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
orbitscripts	orbithyip	2.0	cpe:2.3:a:orbitscripts:orbithyip:2.0:::::::*

References

pridels0.blogspot.com/2006/04/orbithyip-xss.html

secunia.com/advisories/19877

www.osvdb.org/25141

www.osvdb.org/25142

www.securityfocus.com/bid/17766

www.vupen.com/english/advisories/2006/1583

exchange.xforce.ibmcloud.com/vulnerabilities/26163

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Related for CVE-2006-2140