Lucene search

[email protected]NVD:CVE-2006-6587

HistoryDec 15, 2006 - 7:28 p.m.

CVE-2006-6587

2006-12-1519:28:00

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.

Affected configurations

NVD

Node

apacheofbiz

References

archives.neohapsis.com/archives/fulldisclosure/2006-12/0177.html

securitytracker.com/id?1017360

www.securityfocus.com/bid/21529

issues.apache.org/jira/browse/OFBIZ-178

issues.apache.org/jira/browse/OFBIZ-260

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for NVD:CVE-2006-6587

cvelist2 cve2 openvas1 nvd1