1. CVE-Search
  2. CVE-2006-5127
ID CVE-2006-5127
Summary Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
References
Vulnerable Configurations
  • cpe:2.3:a:conpresso:conpresso_cms:*:*:*:*:*:*:*:*
    cpe:2.3:a:conpresso:conpresso_cms:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 20273
bugtraq 20060929 [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues
confirm http://download.compresso.de/compresso-4.0.5a.zip
misc http://www.majorsecurity.de/index_2.php?major_rls=major_rls28
secunia 22145
sreason 1671
vupen ADV-2006-3868
xf conpressocms-multiple-scripts-xss(29272)
Last major update 17-10-2018 - 21:41
Published 03-10-2006 - 04:03
Last modified 17-10-2018 - 21:41
Back to Top