Lucene search

MitreCVE-2006-7076

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7076

2007-03-0221:18:00

mitre

web.nvd.nist.gov

cve-2006-7076

cross-site scripting

xss

vulnerability

guestbook.php

advanced guestbook 2.4

phpbb

remote attackers

web script

html

entry parameter

sql injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

Affected configurations

Nvd

Node

phpbb_groupphpbb_advanced_guestbookMatch2.4.0

VendorProductVersionCPE
phpbb_groupphpbb_advanced_guestbook2.4.0cpe:2.3:a:phpbb_group:phpbb_advanced_guestbook:2.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpbb_group	phpbb_advanced_guestbook	2.4.0	cpe:2.3:a:phpbb_group:phpbb_advanced_guestbook:2.4.0:::::::*

References

archives.neohapsis.com/archives/bugtraq/2006-07/0381.html

secunia.com/advisories/19905

securityreason.com/securityalert/2323

www.majorsecurity.de/advisory/major_rls25.txt

exchange.xforce.ibmcloud.com/vulnerabilities/27907

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Related for CVE-2006-7076