Lucene search

[email protected]CVE-2006-3212

HistoryJun 24, 2006 - 1:06 a.m.

CVE-2006-3212

2006-06-2401:06:00

[email protected]

web.nvd.nist.gov

cve-2006-3212

cross-site scripting

xss

cjguestbook

sign.php

vulnerability

security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

cjguestbookcjguestbookRange≤1.3

cjguestbookcjguestbookMatch1.2

CPENameOperatorVersion
cjguestbook:cjguestbookcjguestbookle1.3
cjguestbook:cjguestbookcjguestbookeq1.2

CPE	Name	Operator	Version
cjguestbook:cjguestbook	cjguestbook	le	1.3
cjguestbook:cjguestbook	cjguestbook	eq	1.2

References

secunia.com/advisories/20751

www.securityfocus.com/bid/18591

www.vupen.com/english/advisories/2006/2488

exchange.xforce.ibmcloud.com/vulnerabilities/27326

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2006-3212

cvelist1 nvd1