Lucene search

[email protected]CVE-2006-2243

HistoryMay 09, 2006 - 10:02 a.m.

CVE-2006-2243

2006-05-0910:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2243

cross-site scripting

xss

web4future news portal

remote attackers

arbitrary web script

html

sql injection

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.

Affected configurations

NVD

Node

web4futurenews_portal

CPENameOperatorVersion
web4future:news_portalweb4future news portaleq*

CPE	Name	Operator	Version
web4future:news_portal	web4future news portal	eq	*

References

secunia.com/advisories/17880

securitytracker.com/id?1016027

www.osvdb.org/25287

www.osvdb.org/25288

exchange.xforce.ibmcloud.com/vulnerabilities/26259

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2006-2243

prion1 nvd1 cvelist1