ID CVE-2006-3320
Summary Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:sitebar:sitebar:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sitebar:sitebar:*:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 18680
  • 26126
bugtraq
  • 20060627 [Kurdish Security # 11] SiteBar Cross-Site Scripting
  • 20071018 Serious holes affecting SiteBar 3.3.8
confirm http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
debian DSA-1130
misc http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html
osvdb 26869
secunia
  • 20841
  • 21248
sreason 1174
vupen ADV-2006-2568
xf sitebar-command-xss(27421)
Last major update 18-10-2018 - 16:46
Published 30-06-2006 - 01:05
Last modified 18-10-2018 - 16:46