ID CVE-2006-3051
Summary Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter. Successful exploitation requires that "register_globals" is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:six_offene_systeme_gmbh:sixcms:*:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 18393
bugtraq
  • 20060612 [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
  • 20060619 Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
misc http://www.majorsecurity.de/advisory/major_rls17.txt
sectrack 1016282
secunia 20655
sreason 1101
vupen ADV-2006-2386
xf sixcms-list-xss(27108)
Last major update 18-10-2018 - 16:45
Published 16-06-2006 - 10:02
Last modified 18-10-2018 - 16:45