Lucene search

MitreCVE-2006-2979

HistoryJun 12, 2006 - 10:02 p.m.

CVE-2006-2979

2006-06-1222:02:00

mitre

web.nvd.nist.gov

cve-2006-2979

cross-site scripting

xss

viart shop free

security vulnerability

remote attack

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.

Affected configurations

Nvd

Node

viartshopMatch2.5.5_free

VendorProductVersionCPE
viartshop2.5.5_freecpe:2.3:a:viart:shop:2.5.5_free:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
viart	shop	2.5.5_free	cpe:2.3:a:viart:shop:2.5.5_free:::::::*

References

secunia.com/advisories/20538

securityreason.com/securityalert/1087

www.attrition.org/pipermail/vim/2006-June/000846.html

www.codetosell.com/downloads/xss_fix.zip

www.securityfocus.com/archive/1/436415/100/0/threaded

www.securityfocus.com/bid/18369

www.vupen.com/english/advisories/2006/2253

exchange.xforce.ibmcloud.com/vulnerabilities/27112

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Related for CVE-2006-2979