ID |
CVE-2006-3051
|
Summary |
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter. Successful exploitation requires that "register_globals" is enanbled. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.1 (as of 18-10-2018 - 16:45) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 18393 | bugtraq | - 20060612 [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
- 20060619 Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
| misc | http://www.majorsecurity.de/advisory/major_rls17.txt | sectrack | 1016282 | secunia | 20655 | sreason | 1101 | vupen | ADV-2006-2386 | xf | sixcms-list-xss(27108) |
|
Last major update |
18-10-2018 - 16:45 |
Published |
16-06-2006 - 10:02 |
Last modified |
18-10-2018 - 16:45 |