ID CVE-2006-6363
Summary Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:bluesocket:bsc_2100:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:bluesocket:bsc_2100:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bluesocket:bsc_2100:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:bluesocket:bsc_2100:5.1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 21419
bugtraq 20061202 [ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS
secunia 23238
sreason 1991
vupen ADV-2006-4844
xf bluesecurecontroller-admin-xss(30735)
Last major update 17-10-2018 - 21:47
Published 07-12-2006 - 11:28
Back to Top