CVE-2006-2572 - Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to injec

CVE-2006-2572

Summary

Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.

References

http://secunia.com/advisories/20201
http://securityreason.com/securityalert/948
http://www.osvdb.org/25732
http://www.securityfocus.com/archive/1/434869/100/0/threaded
http://www.securityfocus.com/archive/1/436615/100/0/threaded
http://www.securityfocus.com/bid/18310
http://www.vupen.com/english/advisories/2006/1942
https://exchange.xforce.ibmcloud.com/vulnerabilities/26629

Vulnerable Configurations

cpe:2.3:a:dian_gemilang:dgbook:1.0:*:*:*:*:*:*:*
cpe:2.3:a:dian_gemilang:dgbook:1.0:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 19-10-2018 - 15:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	18310
bugtraq	20060523 DGbook v1.0 - XSS 20060609 Re: DGbook v1.0 - XSS
osvdb	25732
secunia	20201
sreason	948
vupen	ADV-2006-1942
xf	dgbook-index-xss(26629)

Last major update

19-10-2018 - 15:46

Published

24-05-2006 - 23:02

Last modified

19-10-2018 - 15:46