Lucene search

[email protected]NVD:CVE-2006-2816

HistoryJun 05, 2006 - 5:02 p.m.

CVE-2006-2816

2006-06-0517:02:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

67.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.

Affected configurations

Nvd

Node

coolphpcoolphp_magazineMatch-

VendorProductVersionCPE
coolphpcoolphp_magazine-cpe:2.3:a:coolphp:coolphp_magazine:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
coolphp	coolphp_magazine	-	cpe:2.3:a:coolphp:coolphp_magazine:-:::::::*

References

securityreason.com/securityalert/1029

www.securityfocus.com/archive/1/435309/100/0/threaded

www.securityfocus.com/bid/18124

exchange.xforce.ibmcloud.com/vulnerabilities/26950

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

67.7%

JSON

Related for NVD:CVE-2006-2816

prion1 cve1 cvelist1