Lucene search

[email protected]CVE-2006-6487

HistoryJan 16, 2007 - 7:28 p.m.

CVE-2006-6487

2007-01-1619:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6487

xss

dt guestbook

security vulnerability

web script injection

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.

Affected configurations

NVD

Node

dt_guestbookdt_guestbookMatch1.0f

CPENameOperatorVersion
dt_guestbook:dt_guestbookdt guestbookeq1.0f

CPE	Name	Operator	Version
dt_guestbook:dt_guestbook	dt guestbook	eq	1.0f

References

secunia.com/advisories/23778

www.netvigilance.com/advisory0010

www.osvdb.org/30787

www.securityfocus.com/archive/1/457059/100/0/threaded

www.securityfocus.com/bid/22078

www.vupen.com/english/advisories/2007/0205

exchange.xforce.ibmcloud.com/vulnerabilities/31518

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2006-6487

nvd1 securityvulns2 packetstorm1 cvelist1