Lucene search

MitreCVE-2006-6211

HistoryDec 01, 2006 - 1:28 a.m.

CVE-2006-6211

2006-12-0101:28:00

mitre

web.nvd.nist.gov

cve-2006-6211

cross-site scripting

xss

birdblog 1.4.0

security vulnerabilities

remote attackers

html injection

web script injection

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.022

Percentile

89.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or © admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.

Affected configurations

Nvd

Node

birdblogbirdblogMatch1.4.0

VendorProductVersionCPE
birdblogbirdblog1.4.0cpe:2.3:a:birdblog:birdblog:1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
birdblog	birdblog	1.4.0	cpe:2.3:a:birdblog:birdblog:1.4.0:::::::*

References

securityreason.com/securityalert/1945

www.securityfocus.com/archive/1/452084/100/200/threaded

www.securityfocus.com/bid/21184

exchange.xforce.ibmcloud.com/vulnerabilities/30428

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.022

Percentile

89.4%

JSON

Related for CVE-2006-6211