Lucene search

MitreCVE-2006-2423

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2423

2006-05-1710:06:00

mitre

web.nvd.nist.gov

cve

2006

2423

xss

vulnerability

confixx

ftplogin

index.php

web script

html

remote attackers

security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Affected configurations

Nvd

Node

swsoftconfixxRange≤3.1.2

swsoftconfixxMatch3.0.6

swsoftconfixxMatch3.0.8

VendorProductVersionCPE
swsoftconfixx3.0.8cpe:/a:swsoft:confixx:3.0.8:::
swsoftconfixxcpe:/a:swsoft:confixx::::
swsoftconfixx3.0.6cpe:/a:swsoft:confixx:3.0.6:::

Vendor	Product	Version	CPE
swsoft	confixx	3.0.8	cpe:/a:swsoft:confixx:3.0.8:::
swsoft	confixx		cpe:/a:swsoft:confixx::::
swsoft	confixx	3.0.6	cpe:/a:swsoft:confixx:3.0.6:::

References

secunia.com/advisories/20105

securityreason.com/securityalert/687

securityreason.com/securityalert/903

www.osvdb.org/25525

www.securityfocus.com/archive/1/434034/100/0/threaded

www.securityfocus.com/bid/17984

www.vupen.com/english/advisories/2006/1817

exchange.xforce.ibmcloud.com/vulnerabilities/26472

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Related for CVE-2006-2423