CVE-2006-3385

Опубликовано: 06 июл. 2006

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

Ссылки

http://secunia.com/advisories/20936
Vendor Advisory
http://www.acid-root.new.fr/advisories/news52.txt
Vendor Advisory
http://www.securityfocus.com/archive/1/438859/100/0/threaded
http://www.securityfocus.com/bid/18775
Exploit
http://www.vupen.com/english/advisories/2006/2642
https://exchange.xforce.ibmcloud.com/vulnerabilities/27505
http://secunia.com/advisories/20936
Vendor Advisory
http://www.acid-root.new.fr/advisories/news52.txt
Vendor Advisory
http://www.securityfocus.com/archive/1/438859/100/0/threaded
http://www.securityfocus.com/bid/18775
Exploit
http://www.vupen.com/english/advisories/2006/2642
https://exchange.xforce.ibmcloud.com/vulnerabilities/27505

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vincent_leclercq:news:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00622

Низкий

5.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9qq8-fg73-j2ww

github

почти 4 года назад