Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-5791HistoryNov 07, 2006 - 11:07 p.m.
CVE-2006-5791
2006-11-0723:07:00
Debian Security Bug Tracker
security-tracker.debian.org
13
EPSS
0.006
Percentile
78.8%
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | elog | < 3.1.3-1-1 | elog_3.1.3-1-1_all.deb |
Related
nvd
nvd
CVE-2006-5791
2006-11-07 23:07:00
cvelist
cvelist
CVE-2006-5791
2006-11-07 23:00:00
ubuntucve
ubuntucve
CVE-2006-5791
2006-11-07 00:00:00
cve
cve
CVE-2006-5791
2006-11-07 23:07:00
osv
osv
elog
2006-12-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 1242-1 (elog)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1242-1)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution
2006-12-27 22:33:30
nessus
nessus
Debian DSA-1242-1 : elog - several vulnerabilities
2006-12-30 00:00:00