ID CVE-2006-2750
Summary Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. Upgrade to version 0.7.0.1.
References
Vulnerable Configurations
  • cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 18169
bugtraq 20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities
confirm http://sourceforge.net/forum/forum.php?forum_id=576483
misc
sectrack 1016178
secunia 20341
sreason 1014
xf osic-core-xss(26966)
Last major update 18-10-2018 - 16:41
Published 01-06-2006 - 10:02
Last modified 18-10-2018 - 16:41