1. CVE-Search
  2. CVE-2006-3848
ID CVE-2006-3848
Summary Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.
References
Vulnerable Configurations
  • cpe:2.3:a:krischan_jodies:ip_calculator:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:krischan_jodies:ip_calculator:0.40:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-10-2018 - 21:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 19130
bugtraq
  • 20060722 Low security hole affecting IPCalc's CGI wrapper
  • 20060727 Re: Low security hole affecting IPCalc's CGI wrapper
fulldisc 20060722 Low security hole affecting IPCalc's CGI wrapper
misc http://archives.neohapsis.com/archives/fulldisclosure/2006-07/att-0487/NDSA20060705.txt.asc
osvdb 27446
secunia 21151
vupen ADV-2006-2944
xf ipcalculator-ipcalc-xss(27924)
Last major update 17-10-2018 - 21:31
Published 25-07-2006 - 23:04
Last modified 17-10-2018 - 21:31
Back to Top