CVE-2006-3494
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.1%
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in © view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vastal_i-tech | buddy_zone | * | cpe:2.3:a:vastal_i-tech:buddy_zone:*:*:*:*:*:*:*:* |
References
secunia.com/advisories/20933
securityreason.com/securityalert/1209
www.osvdb.org/26979
www.osvdb.org/26980
www.osvdb.org/26981
www.osvdb.org/26982
www.osvdb.org/26983
www.osvdb.org/26984
www.osvdb.org/26985
www.osvdb.org/26988
www.osvdb.org/26989
www.osvdb.org/26990
www.osvdb.org/26991
www.osvdb.org/26992
www.osvdb.org/26993
www.securityfocus.com/archive/1/438868/100/0/threaded
www.securityfocus.com/archive/1/440144/100/100/threaded
www.securityfocus.com/bid/18759
www.vupen.com/english/advisories/2006/2645
exchange.xforce.ibmcloud.com/vulnerabilities/27514
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.1%