Lucene search

MitreCVE-2006-2178

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2178

2006-05-0412:38:00

CWE-79

mitre

web.nvd.nist.gov

cve-2006-2178

cross-site scripting

xss

cyberbuild

remote code injection

nvd

security vulnerabilities

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.

Affected configurations

Nvd

Node

smartwin_technologycyberoffice_warehouse_builder

VendorProductVersionCPE
smartwin_technologycyberoffice_warehouse_builder*cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smartwin_technology	cyberoffice_warehouse_builder	*	cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder::::::::

References

pridels0.blogspot.com/2006/05/cyberbuild-vuln.html

secunia.com/advisories/19889

www.osvdb.org/25197

www.osvdb.org/25198

www.osvdb.org/25199

www.securityfocus.com/bid/17829

www.vupen.com/english/advisories/2006/1630

exchange.xforce.ibmcloud.com/vulnerabilities/26202

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for CVE-2006-2178