ID CVE-2006-0521
Summary Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.
References
Vulnerable Configurations
  • cpe:2.3:a:browsercrm:browsercrm:*:*:*:*:*:*:*:*
    cpe:2.3:a:browsercrm:browsercrm:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 16435
bugtraq 20060131 BrowserCRM vulnerable for XSS
osvdb 22841
secunia 18658
sreason 393
vupen ADV-2006-0391
xf browsercrm-results-xss(24390)
Last major update 19-10-2018 - 15:45
Published 02-02-2006 - 11:02
Last modified 19-10-2018 - 15:45
Back to Top