CVE-2006-0984 - Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attacke

CVE-2006-0984

Summary

Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter. This vulnerability affects EJ3, TOPo version 2.2.178, and possibly all previous versions.

References

http://secunia.com/advisories/19070
http://securityreason.com/securityalert/511
http://www.osvdb.org/23541
http://www.securityfocus.com/archive/1/426318/100/0/threaded
http://www.securityfocus.com/bid/16879
http://www.vupen.com/english/advisories/2006/0775
https://exchange.xforce.ibmcloud.com/vulnerabilities/24980

Vulnerable Configurations

cpe:2.3:a:ej3:topo:2.2.178:*:*:*:*:*:*:*
cpe:2.3:a:ej3:topo:2.2.178:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16879
bugtraq	20060228 EJ3 TOPo - Cross Site Scripting Vulnerability
osvdb	23541
secunia	19070
sreason	511
vupen	ADV-2006-0775
xf	topo-incheader-xss(24980)

Last major update

18-10-2018 - 16:30

Published

03-03-2006 - 11:02

Last modified

18-10-2018 - 16:30