ID CVE-2006-3405
Summary Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:qto:qtofilemanager:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:qto:qtofilemanager:1.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 18791
bugtraq 20060702 QTOFileManager 1.0
sectrack 1016427
sreason 1199
Last major update 18-10-2018 - 16:47
Published 07-07-2006 - 00:05
Last modified 18-10-2018 - 16:47
Back to Top