ID |
CVE-2006-5122
|
Summary |
Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.9 (as of 17-10-2018 - 21:41) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:S/C:P/I:P/A:N
|
refmap
via4
|
bid | 20275 | bugtraq | 20060929 Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability | secunia | 22215 | sreason | 1670 | vupen | ADV-2006-3888 | xf | mercurysitescope-multiple-xss(29295) |
|
Last major update |
17-10-2018 - 21:41 |
Published |
03-10-2006 - 04:03 |
Last modified |
17-10-2018 - 21:41 |