CVE-2006-1144 - Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrar

CVE-2006-1144

Summary

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.

References

http://secunia.com/advisories/19155
http://www.osvdb.org/23757
http://www.osvdb.org/23758
http://www.securityfocus.com/archive/1/426931/100/0/threaded
http://www.securityfocus.com/bid/17025
http://www.vupen.com/english/advisories/2006/0886
https://exchange.xforce.ibmcloud.com/vulnerabilities/25105

Vulnerable Configurations

cpe:2.3:a:david_ravenscroft:hithost:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:david_ravenscroft:hithost:1.0.0:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	17025
bugtraq	20060306 histhost v1.0.0 xss and possible rmdir
osvdb	23757 23758
secunia	19155
vupen	ADV-2006-0886
xf	hithost-viewuser-deleteuser-xss(25105)

Last major update

18-10-2018 - 16:30

Published

10-03-2006 - 11:02

Last modified

18-10-2018 - 16:30