CVE-2006-6925

Опубликовано: 13 янв. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
Exploit
Vendor Advisory
http://secunia.com/advisories/22793
Vendor Advisory
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/20996
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4485
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167
http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
Exploit
Vendor Advisory
http://secunia.com/advisories/22793
Vendor Advisory
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/20996
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2006/4485
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bitweaver:bitweaver:1.1:*:*:*:*:*:*:*

cpe:2.3:a:bitweaver:bitweaver:1.1.1_beta:*:*:*:*:*:*:*

cpe:2.3:a:bitweaver:bitweaver:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:bitweaver:bitweaver:1.3:*:*:*:*:*:*:*

cpe:2.3:a:bitweaver:bitweaver:1.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08938

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rq3w-qmr8-mrc6

github

почти 4 года назад