CVE-2006-4543 - Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inj

CVE-2006-4543

Summary

Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.

References

http://secunia.com/advisories/21635
http://securityreason.com/securityalert/1490
http://www.securityfocus.com/archive/1/444716/100/0/threaded
http://www.securityfocus.com/bid/19771

Vulnerable Configurations

cpe:2.3:a:hlstats:hlstats:1.34:*:*:*:*:*:*:*
cpe:2.3:a:hlstats:hlstats:1.34:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	19771
bugtraq	20060830 XSS in HLstats 1.34
secunia	21635
sreason	1490

Last major update

17-10-2018 - 21:37

Published

06-09-2006 - 00:04

Last modified

17-10-2018 - 21:37