CVE-2006-1698 - Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to e

CVE-2006-1698

Summary

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.

References

http://secunia.com/advisories/19586
http://www.vupen.com/english/advisories/2006/1287
https://exchange.xforce.ibmcloud.com/vulnerabilities/25697

Vulnerable Configurations

cpe:2.3:a:matt_wright:matt_wright_guestbook:*:*:*:*:*:*:*:*
cpe:2.3:a:matt_wright:matt_wright_guestbook:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

secunia	19586
vupen	ADV-2006-1287
xf	guestbook-guestbook-parameters-xss(25697)

Last major update

20-07-2017 - 01:30

Published

11-04-2006 - 10:02

Last modified

20-07-2017 - 01:30