Lucene search

MitreCVE-2006-3333

HistoryJun 30, 2006 - 11:05 p.m.

CVE-2006-3333

2006-06-3023:05:00

mitre

web.nvd.nist.gov

cve-2006-3333

cross-site scripting

xss

zorum forum 3.5

remote attackers

web script injection

html injection

sql injection

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.

Affected configurations

Nvd

Node

phpoutsourcingzorumMatch3.5

VendorProductVersionCPE
phpoutsourcingzorum3.5cpe:2.3:a:phpoutsourcing:zorum:3.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpoutsourcing	zorum	3.5	cpe:2.3:a:phpoutsourcing:zorum:3.5:::::::*

References

pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html

exchange.xforce.ibmcloud.com/vulnerabilities/19598

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Related for CVE-2006-3333