ID CVE-2006-4975
Summary Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
References
Vulnerable Configurations
  • cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*
    cpe:2.3:a:yahoo:messenger:*:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20060917 [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability
misc http://advisories.echo.or.id/adv/adv47-theday-2006.txt
sreason 1626
Last major update 17-10-2018 - 21:40
Published 25-09-2006 - 01:07
Last modified 17-10-2018 - 21:40
Back to Top