CVE-2006-1233 - Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbit

CVE-2006-1233

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.

References

http://biyosecurity.be/bugs/wmnews.txt
http://secunia.com/advisories/19204
http://www.osvdb.org/23840
http://www.osvdb.org/23841
http://www.osvdb.org/23842
http://www.securityfocus.com/archive/1/427479/100/0/threaded
http://www.securityfocus.com/bid/17076
http://www.vupen.com/english/advisories/2006/0939
https://exchange.xforce.ibmcloud.com/vulnerabilities/25210

Vulnerable Configurations

cpe:2.3:a:mikael_software:wmnews:*:*:*:*:*:*:*:*
cpe:2.3:a:mikael_software:wmnews:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	17076
bugtraq	20060312 WMNews Cross Site Scripting
misc	http://biyosecurity.be/bugs/wmnews.txt
osvdb	23840 23841 23842
secunia	19204
vupen	ADV-2006-0939
xf	wmnews-multiple-scripts-xss(25210)

Last major update

18-10-2018 - 16:31

Published

14-03-2006 - 19:06

Last modified

18-10-2018 - 16:31