CVE-2006-6082 - Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attack

CVE-2006-6082

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.

References

http://s-a-p.ca/index.php?page=OurAdvisories&id=54
http://www.securityfocus.com/bid/21230
http://secunia.com/advisories/23067
http://securityreason.com/securityalert/1907
http://www.vupen.com/english/advisories/2006/4665
https://exchange.xforce.ibmcloud.com/vulnerabilities/30473
http://www.securityfocus.com/archive/1/452241/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:creascripts:creadirectory:1.2:*:*:*:*:*:*:*
cpe:2.3:a:creascripts:creadirectory:1.2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	21230
bugtraq	20061121 creadirectory [injection sql & xss]
misc	http://s-a-p.ca/index.php?page=OurAdvisories&id=54
secunia	23067
sreason	1907
vupen	ADV-2006-4665
xf	creadirectory-addlisting-search-xss(30473)

Last major update

14-02-2024 - 01:17

Published

24-11-2006 - 18:07

Last modified

14-02-2024 - 01:17