CVE-2006-6223

Опубликовано: 02 дек. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

Ссылки

http://secunia.com/advisories/23239
Vendor Advisory
http://securitytracker.com/id?1017317
http://sla.ckers.org/forum/read.php?3%2C3109
http://www.kb.cert.org/vuls/id/989144
US Government Resource
http://www.securityfocus.com/bid/21438
http://www.vupen.com/english/advisories/2006/4789
https://exchange.xforce.ibmcloud.com/vulnerabilities/30647
http://secunia.com/advisories/23239
Vendor Advisory
http://securitytracker.com/id?1017317
http://sla.ckers.org/forum/read.php?3%2C3109
http://www.kb.cert.org/vuls/id/989144
US Government Resource
http://www.securityfocus.com/bid/21438
http://www.vupen.com/english/advisories/2006/4789
https://exchange.xforce.ibmcloud.com/vulnerabilities/30647

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*

cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02064

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pm73-cpw4-m5p4

github

почти 4 года назад