CVE-2006-4883 - Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers

CVE-2006-4883

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.

References

http://secunia.com/advisories/21911
http://securityreason.com/securityalert/1611
http://securitytracker.com/id?1016876
http://www.securityfocus.com/archive/1/446223/100/0/threaded
http://www.securityfocus.com/bid/20081
http://www.vupen.com/english/advisories/2006/3691
https://exchange.xforce.ibmcloud.com/vulnerabilities/29002

Vulnerable Configurations

cpe:2.3:a:idevspot:bizdirectory:*:*:*:*:*:*:*:*
cpe:2.3:a:idevspot:bizdirectory:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	20081
bugtraq	20060916 BizDirectory all version xss
sectrack	1016876
secunia	21911
sreason	1611
vupen	ADV-2006-3691
xf	bizdirectory-feed-xss(29002)

Last major update

17-10-2018 - 21:40

Published

19-09-2006 - 21:07

Last modified

17-10-2018 - 21:40