History: Nov 07, 2006 - 11:07 p.m.

CVE-2006-5791

2006-11-07 23:07:00
mitre
web.nvd.nist.gov
28
cve-2006-5791
cross-site scripting
xss vulnerabilities
elog
remote attackers
html injection
web script injection

CVSS2: 2.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score: 5.8
Confidence: High

EPSS: 0.006
Percentile: 78.8%

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.

Affected configurations

Nvd
Node: stefan_ritt elog_web_logbook, Range 2.6.2

Vendor | Product | Version | CPE
stefan_ritt | elog_web_logbook | * | cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*
