Lucene search
HistoryDec 10, 2006 - 11:28 a.m.
CVE-2006-6436
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
High
EPSS
0.007
Percentile
81.1%
Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.
Affected configurations
Node
xeroxworkcentre_232
ORxeroxworkcentre_232pro
ORxeroxworkcentre_238
ORxeroxworkcentre_238pro
ORxeroxworkcentre_245
ORxeroxworkcentre_245pro
ORxeroxworkcentre_255
ORxeroxworkcentre_255pro
ORxeroxworkcentre_265
ORxeroxworkcentre_265pro
ORxeroxworkcentre_275
ORxeroxworkcentre_275pro
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xerox | workcentre_232 | * | cpe:2.3:h:xerox:workcentre_232:*:*:*:*:*:*:*:* |
| xerox | workcentre_232 | * | cpe:2.3:h:xerox:workcentre_232:*:*:pro:*:*:*:*:* |
| xerox | workcentre_238 | * | cpe:2.3:h:xerox:workcentre_238:*:*:*:*:*:*:*:* |
| xerox | workcentre_238 | * | cpe:2.3:h:xerox:workcentre_238:*:*:pro:*:*:*:*:* |
| xerox | workcentre_245 | * | cpe:2.3:h:xerox:workcentre_245:*:*:*:*:*:*:*:* |
| xerox | workcentre_245 | * | cpe:2.3:h:xerox:workcentre_245:*:*:pro:*:*:*:*:* |
| xerox | workcentre_255 | * | cpe:2.3:h:xerox:workcentre_255:*:*:*:*:*:*:*:* |
| xerox | workcentre_255 | * | cpe:2.3:h:xerox:workcentre_255:*:*:pro:*:*:*:*:* |
| xerox | workcentre_265 | * | cpe:2.3:h:xerox:workcentre_265:*:*:*:*:*:*:*:* |
| xerox | workcentre_265 | * | cpe:2.3:h:xerox:workcentre_265:*:*:pro:*:*:*:*:* |
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
High
EPSS
0.007
Percentile
81.1%
Related for NVD:CVE-2006-6436