CVE-2006-7125 - Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attac

CVE-2006-7125

Summary

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. Successful exploitation requires that "magic_quotes_gpc" is disabled.

References

Vulnerable Configurations

cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:bsq_sitestats:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:bsq_sitestats:2.1.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	20614
bugtraq	20061018 Secunia Research: Joomla BSQ Sitestats Script Insertion and SQLInjection
misc	http://secunia.com/secunia_research/2006-65/advisory/
vupen	ADV-2006-4090
xf	bsq-sitestats-http-referer-xss(29661)

Last major update

16-10-2018 - 16:29

Published

06-03-2007 - 01:19

Last modified

16-10-2018 - 16:29