ID CVE-2006-3377
Summary Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.
References
Vulnerable Configurations
  • cpe:2.3:a:jmb_software:autorank:*:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:N
refmap via4
bid 18796
bugtraq 20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure
misc http://www.majorsecurity.de/advisory/major_rls19.txt
sectrack
  • 1016428
  • 1016429
secunia
  • 20903
  • 20929
vupen
  • ADV-2006-2658
  • ADV-2006-2659
xf autorankpro-adminmain-xss(27552)
Last major update 18-10-2018 - 16:47
Published 06-07-2006 - 20:05
Last modified 18-10-2018 - 16:47