CVE-2006-2821 - Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attacke

CVE-2006-2821

Summary

Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.

References

http://securityreason.com/securityalert/1027
http://soot.shabgard.org/bugs/propublish.txt
http://www.securityfocus.com/archive/1/435787/100/0/threaded
http://www.securityfocus.com/bid/18243

Vulnerable Configurations

cpe:2.3:a:deltascripts:pro_publish:2.0:*:*:*:*:*:*:*
cpe:2.3:a:deltascripts:pro_publish:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 18-10-2018 - 16:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	18243
bugtraq	20060602 Pro Publish SQL Injection and XSS Vulnerabilities
misc	http://soot.shabgard.org/bugs/propublish.txt
sreason	1027

Last major update

18-10-2018 - 16:43

Published

05-06-2006 - 17:02

Last modified

18-10-2018 - 16:43