MitreCVE-2006-2491CVE-2006-2491
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.3%
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[“PHP_SELF”] variable.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| boastmachine | boastmachine | * | cpe:2.3:a:boastmachine:boastmachine:*:*:*:*:*:*:*:* |
| boastmachine | boastmachine | 3.0 | cpe:2.3:a:boastmachine:boastmachine:3.0:*:platinum:*:*:*:*:* |
| kailash_nadh | boastmachine | 2.5 | cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:* |
| kailash_nadh | boastmachine | 2.7 | cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:* |
| kailash_nadh | boastmachine | 2.8 | cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:* |
| kailash_nadh | boastmachine | 2.9b | cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:* |
References
secunia.com/advisories/20149
securityreason.com/securityalert/725
securityreason.com/securityalert/927
www.osvdb.org/25617
www.osvdb.org/25618
www.securityfocus.com/archive/1/434294/100/0/threaded
www.securityfocus.com/bid/18012
www.vupen.com/english/advisories/2006/1853
exchange.xforce.ibmcloud.com/vulnerabilities/26518
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.3%