CVE-2006-0078 - Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to

CVE-2006-0078

Summary

Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.

References

Vulnerable Configurations

cpe:2.3:a:haddad_said:b-net_software:1.0:*:*:*:*:*:*:*
cpe:2.3:a:haddad_said:b-net_software:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-10-2018 - 15:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16114
bugtraq	20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities 20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities
confirm	http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067
misc	http://evuln.com/vulns/10/summary.html
osvdb	22190 22191
secunia	18271
sreason	316
vupen	ADV-2006-0018

Last major update

19-10-2018 - 15:42

Published

04-01-2006 - 06:03

Last modified

19-10-2018 - 15:42