| ID |
CVE-2006-1504
|
| Summary |
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php. Successful exploitation requires that the "register_globals" parameter is enabled. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.1 (as of 18-10-2018 - 16:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
HIGH |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 17285 | | bugtraq | 20060328 ArabPortal 2.0 Stable CrossSiteScripting | | osvdb | | | secunia | 19445 | | sreason | 673 | | vupen | ADV-2006-1150 | | xf | arabportal-online-download-xss(25515) |
|
| Last major update |
18-10-2018 - 16:32 |
| Published |
30-03-2006 - 01:06 |
| Last modified |
18-10-2018 - 16:32 |
