CVE-2006-2634 - Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 a

CVE-2006-2634

Summary

Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.

References

http://secunia.com/advisories/20307
http://securityreason.com/securityalert/967
http://www.securityfocus.com/archive/1/435145/100/0/threaded
http://www.securityfocus.com/bid/18130
http://www.vupen.com/english/advisories/2006/2026
http://yns.zaxaz.com/advisories/seditio.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/26713

Vulnerable Configurations

cpe:2.3:a:neocrome:seditio:102:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:seditio:102:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	18130
bugtraq	20060524 Seditio Cross Site Scripting Vulnerability
misc	http://yns.zaxaz.com/advisories/seditio.txt
secunia	20307
sreason	967
vupen	ADV-2006-2026
xf	seditio-referer-header-xss(26713)

Last major update

18-10-2018 - 16:41

Published

30-05-2006 - 10:02

Last modified

18-10-2018 - 16:41