CVE-2006-2965 - Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remo

CVE-2006-2965

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."

References

http://secunia.com/advisories/20490
http://securityreason.com/securityalert/1071
http://www.securityfocus.com/archive/1/436113/100/0/threaded
http://www.vupen.com/english/advisories/2006/2168
https://exchange.xforce.ibmcloud.com/vulnerabilities/26954

Vulnerable Configurations

cpe:2.3:a:particle_soft:particle_whois:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:particle_soft:particle_whois:1.0.3:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20060606 ParticleSoft Whois v1.0.3
secunia	20490
sreason	1071
vupen	ADV-2006-2168
xf	particlewhois-index-xss(26954)

Last major update

18-10-2018 - 16:45

Published

12-06-2006 - 20:06

Last modified

18-10-2018 - 16:45