Lucene search

[email protected]CVE-2006-3841

HistoryJul 25, 2006 - 11:04 p.m.

CVE-2006-3841

2006-07-2523:04:00

[email protected]

web.nvd.nist.gov

cve-2006-3841

cross-site scripting

xss

webscarab

url injection

security vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.

Affected configurations

NVD

Node

owaspwebscarabMatch2006-06-21

CPENameOperatorVersion
owasp:webscarabowasp webscarabeq2006-06-21

CPE	Name	Operator	Version
owasp:webscarab	owasp webscarab	eq	2006-06-21

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/047995.html

moritz-naumann.com/adv/0012/webscarabxss/0012.txt

secunia.com/advisories/21114

securityreason.com/securityalert/1276

www.securityfocus.com/archive/1/440441/100/0/threaded

www.securityfocus.com/bid/19063

www.vupen.com/english/advisories/2006/2878

exchange.xforce.ibmcloud.com/vulnerabilities/27797

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2006-3841

nvd1 cvelist1