CVE-2006-0172 - Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (a

CVE-2006-0172

Summary

Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.

References

Vulnerable Configurations

cpe:2.3:a:hummingbird:enterprise_collaboration:5.2:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:enterprise_collaboration:5.2:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:enterprise_collaboration:-:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:enterprise_collaboration:-:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:enterprise_collaboration:5.21:*:*:*:*:*:*:*
cpe:2.3:a:hummingbird:enterprise_collaboration:5.21:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:P/A:N

refmap via4

bid	16195
bugtraq	20060110 Multiple Vulnerabilities in Hummingbird Collaboration
misc	http://www.securenetwork.it/advisories/sn-2006-01.html
secunia	18411
vupen	ADV-2006-0145
xf	hummingbird-enterprise-xss(24067)

Last major update

19-10-2018 - 15:43

Published

11-01-2006 - 21:03

Last modified

19-10-2018 - 15:43