ID CVE-2006-1761
Summary Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
References
Vulnerable Configurations
  • cpe:2.3:a:blursoft:blur6ex:0.3.462:*:*:*:*:*:*:*
    cpe:2.3:a:blursoft:blur6ex:0.3.462:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 17465
bugtraq
  • 20060411 Multiple vulnerabilities in Blur6ex
  • 20060413 Re: Multiple vulnerabilities in Blur6ex
vim 20060412 Multiple vulnerabilities in Blur6ex (fwd)
xf blur6ex-index-xss(25757)
Last major update 18-10-2018 - 16:36
Published 13-04-2006 - 01:06
Back to Top