CVE-2006-5853

Опубликовано: 10 нояб. 2006

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.

Ссылки

http://securityreason.com/securityalert/1845
http://www.procheckup.com/Vulner_PR0506.php
http://www.securityfocus.com/archive/1/450960
Exploit
http://www.securityfocus.com/bid/20965
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30136
http://securityreason.com/securityalert/1845
http://www.procheckup.com/Vulner_PR0506.php
http://www.securityfocus.com/archive/1/450960
Exploit
http://www.securityfocus.com/bid/20965
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30136

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:immediacy:immediacy_.net_cms:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05872

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-89q4-3vm4-2v5v

github

почти 4 года назад