CVE-2006-1889 - Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen

CVE-2006-1889

Summary

Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter).

References

http://secunia.com/advisories/19654
http://securityreason.com/securityalert/718
http://securityreason.com/securityalert/766
http://securitytracker.com/id?1015948
http://www.securityfocus.com/archive/1/431072/100/0/threaded
http://www.securityfocus.com/bid/17549
http://www.vupen.com/english/advisories/2006/1413
https://exchange.xforce.ibmcloud.com/vulnerabilities/25805

Vulnerable Configurations

cpe:2.3:a:script-solution.de:boardsolution:*:*:*:*:*:*:*:*
cpe:2.3:a:script-solution.de:boardsolution:*:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 18-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

bid	17549
bugtraq	20060415 Boardsolution <= 1.12 XSS
sectrack	1015948
secunia	19654
sreason	718 766
vupen	ADV-2006-1413
xf	boardsolution-index-xss(25805)

Last major update

18-10-2018 - 16:37

Published

20-04-2006 - 10:02

Last modified

18-10-2018 - 16:37