Lucene search

Ubuntu.comUB:CVE-2006-0070

HistoryJan 04, 2006 - 12:00 a.m.

CVE-2006-0070

2006-01-0400:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

DISPUTED Drupal allows remote attackers to conduct cross-site
scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript
function name, as demonstrated using variations of the alert() function.
NOTE: a followup by the vendor suggests that the issue does not exist in
4.5.6 or 4.6.4 when “Filtered HTML” is enabled, and since “Full HTML” would
not filter HTML by design, perhaps this should not be included in CVE.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.6+0dfsg-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.6+1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.6+0dfsg-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.6+1-0ubuntu1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2006-0070

nvd.nist.gov/vuln/detail/CVE-2006-0070

security-tracker.debian.org/tracker/CVE-2006-0070

www.cve.org/CVERecord?id=CVE-2006-0070

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for UB:CVE-2006-0070