CVE-2006-0122 - Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers

CVE-2006-0122

Summary

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. Vendor provided solution: "Liquid Development has identified this vulnerability in all shipping versions of AquiferCMS and coded a software fix. The fix will be included in all releases of AquiferCMS built on or after January 24, 2006. Customers should contact Liquid Development to obtain the fix for this vulnerability. For more information visit www.aquifercms.com."

References

Vulnerable Configurations

cpe:2.3:a:aquifer_cms:aquifer_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:aquifer_cms:aquifer_cms:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-03-2011 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16162
misc	http://osvdb.org/ref/22/22247-aquifer.txt
osvdb	22247
secunia	18326
vim	20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)
vupen	ADV-2006-0074

Last major update

08-03-2011 - 02:29

Published

09-01-2006 - 11:03

Last modified

08-03-2011 - 02:29