CVE-2006-3004 - Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to

CVE-2006-3004

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.

References

http://secunia.com/advisories/20530
http://securityreason.com/securityalert/1097
http://www.securityfocus.com/archive/1/436424
http://www.securityfocus.com/bid/18340
http://www.vupen.com/english/advisories/2006/2237
https://exchange.xforce.ibmcloud.com/vulnerabilities/27062

Vulnerable Configurations

cpe:2.3:a:scriptsez:ez_ringtone_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:scriptsez:ez_ringtone_manager:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	18340
bugtraq	20060608 Ez Ringtone Manager from scriptez.net - XSS
secunia	20530
sreason	1097
vupen	ADV-2006-2237
xf	ezringtone-player-xss(27062)

Last major update

20-07-2017 - 01:31

Published

13-06-2006 - 01:02

Last modified

20-07-2017 - 01:31