CVE-2006-2178

Опубликовано: 04 мая 2006

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.

Ссылки

http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
http://secunia.com/advisories/19889
Vendor Advisory
http://www.osvdb.org/25197
Exploit
http://www.osvdb.org/25198
Exploit
http://www.osvdb.org/25199
Exploit
http://www.securityfocus.com/bid/17829
Exploit
http://www.vupen.com/english/advisories/2006/1630
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26202
http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
http://secunia.com/advisories/19889
Vendor Advisory
http://www.osvdb.org/25197
Exploit
http://www.osvdb.org/25198
Exploit
http://www.osvdb.org/25199
Exploit
http://www.securityfocus.com/bid/17829
Exploit
http://www.vupen.com/english/advisories/2006/1630
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26202

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.0072

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m3w7-436f-qxfh

github

почти 4 года назад