Lucene search

MitreCVE-2006-4796

HistorySep 14, 2006 - 9:07 p.m.

CVE-2006-4796

2006-09-1421:07:00

mitre

web.nvd.nist.gov

cve-2006-4796

cross-site scripting

xss

snitz forums 2000

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

Affected configurations

Nvd

Node

snitz_communicationssnitz_forums_2000Match3.4.06

VendorProductVersionCPE
snitz_communicationssnitz_forums_20003.4.06cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.06:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
snitz_communications	snitz_forums_2000	3.4.06	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.06:::::::*

References

forum.snitz.com/forum/topic.asp?TOPIC_ID=62773

secunia.com/advisories/21946

securityreason.com/securityalert/1578

www.osvdb.org/28832

www.securityfocus.com/archive/1/445902/100/0/threaded

www.securityfocus.com/archive/1/446043/100/0/threaded

www.securityfocus.com/bid/20004

www.vupen.com/english/advisories/2006/3632

exchange.xforce.ibmcloud.com/vulnerabilities/28921

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.9%

JSON

Related for CVE-2006-4796