ID |
CVE-2006-3004
|
Summary |
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.3 (as of 20-07-2017 - 01:31) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
refmap
via4
|
bid | 18340 | bugtraq | 20060608 Ez Ringtone Manager from scriptez.net - XSS | secunia | 20530 | sreason | 1097 | vupen | ADV-2006-2237 | xf | ezringtone-player-xss(27062) |
|
Last major update |
20-07-2017 - 01:31 |
Published |
13-06-2006 - 01:02 |
Last modified |
20-07-2017 - 01:31 |