Lucene search

[email protected]CVE-2006-6985

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6985

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6985

maxthon

cross-domain vulnerability

remote attackers

restricted information

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

maxthonmaxthonMatch1.5.6_build_42

CPENameOperatorVersion
maxthon:maxthonmaxthoneq1.5.6_build_42

CPE	Name	Operator	Version
maxthon:maxthon	maxthon	eq	1.5.6_build_42

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6985

cvelist11 nvd11 cert1 checkpoint_advisories1 cve10 securityvulns2 nessus1