CVE-2006-4500 - Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attacke

CVE-2006-4500

Summary

Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.

References

http://securityreason.com/securityalert/1481
http://www.securityfocus.com/archive/1/444743/100/0/threaded
http://www.securityfocus.com/bid/19759
https://exchange.xforce.ibmcloud.com/vulnerabilities/28666

Vulnerable Configurations

cpe:2.3:a:ztml:ezportal_ztml_cms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ztml:ezportal_ztml_cms:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-10-2018 - 21:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	19759
bugtraq	20060830 Ezportal/Ztml v1.0 Multiple vulnerabilities
sreason	1481
xf	ezportalztml-index-xss(28666)

Last major update

17-10-2018 - 21:37

Published

31-08-2006 - 22:04

Last modified

17-10-2018 - 21:37