Lucene search

[email protected]CVE-2006-3211

HistoryJun 24, 2006 - 1:06 a.m.

CVE-2006-3211

2006-06-2401:06:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2006

3211

cross-site scripting

xss

vulnerability

cjguestbook

sign.php

img bbcode

comments parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.

Affected configurations

NVD

Node

cjguestbook_projectcjguestbookRange≤1.3

CPENameOperatorVersion
cjguestbook_project:cjguestbookcjguestbook project cjguestbookle1.3

CPE	Name	Operator	Version
cjguestbook_project:cjguestbook	cjguestbook project cjguestbook	le	1.3

References

secunia.com/advisories/20751

securityreason.com/securityalert/1141

www.securityfocus.com/archive/1/438008/100/0/threaded

www.securityfocus.com/bid/18556

www.vupen.com/english/advisories/2006/2488

exchange.xforce.ibmcloud.com/vulnerabilities/27322

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2006-3211

nvd1 cvelist1