Lucene search

MitreCVE-2006-5129

HistoryOct 03, 2006 - 4:03 a.m.

CVE-2006-5129

2006-10-0304:03:00

mitre

web.nvd.nist.gov

cve-2006-5129

xss vulnerabilities

ph03y3nk

jaf cms 4.0 rc1

remote code injection

web script

html

shoutbox

forum post

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.

Affected configurations

Nvd

Node

salims_softhousejaf_cmsMatch4.0rc1

VendorProductVersionCPE
salims_softhousejaf_cms4.0cpe:2.3:a:salims_softhouse:jaf_cms:4.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
salims_softhouse	jaf_cms	4.0	cpe:2.3:a:salims_softhouse:jaf_cms:4.0:rc1::::::

References

secunia.com/advisories/22143

securityreason.com/securityalert/1674

www.securityfocus.com/archive/1/447081/100/0/threaded

www.securityfocus.com/bid/20225

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.005

Percentile

77.1%

JSON

Related for CVE-2006-5129