History: Jul 18, 2006 - 3:46 p.m.

CVE-2006-3617

2006-07-18 15:46:00
web.nvd.nist.gov
cve-2006-3617
xss
pblguestbook.php
pixelated by lev
pbl guestbook
web script
html
security vulnerability
remote attack

CVSS2: 5.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score: 5.2 Medium (Confidence: High)

EPSS: 0.237 Low (Percentile: 96.6%)

Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.

Affected configurations

NVD
Node: pixelated_by_lev | pixelated_by_lev_guestbook | Match | 1.32
