Lucene search

MitreCVE-2006-5496

HistoryOct 25, 2006 - 10:07 a.m.

CVE-2006-5496

2006-10-2510:07:00

mitre

web.nvd.nist.gov

cve-2006-5496

cross-site scripting

xss

timothy claason

knowledgebank 1.01

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.

Affected configurations

Nvd

Node

timothy_claasonknowledgebankMatch1.01

VendorProductVersionCPE
timothy_claasonknowledgebank1.01cpe:2.3:a:timothy_claason:knowledgebank:1.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
timothy_claason	knowledgebank	1.01	cpe:2.3:a:timothy_claason:knowledgebank:1.01:::::::*

References

securityreason.com/securityalert/1769

securitytracker.com/id?1017097

www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0006

www.securityfocus.com/archive/1/449231/100/0/threaded

www.securityfocus.com/bid/20641

exchange.xforce.ibmcloud.com/vulnerabilities/29700

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2006-5496