CVE-2006-5122 - Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote

CVE-2006-5122

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.

References

http://secunia.com/advisories/22215
http://securityreason.com/securityalert/1670
http://www.securityfocus.com/archive/1/447397/100/0/threaded
http://www.securityfocus.com/bid/20275
http://www.vupen.com/english/advisories/2006/3888
https://exchange.xforce.ibmcloud.com/vulnerabilities/29295

Vulnerable Configurations

cpe:2.3:a:hp:mercury_sitescope:8.2_8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:mercury_sitescope:8.2_8.1.2.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 17-10-2018 - 21:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:N

refmap via4

bid	20275
bugtraq	20060929 Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability
secunia	22215
sreason	1670
vupen	ADV-2006-3888
xf	mercurysitescope-multiple-xss(29295)

Last major update

17-10-2018 - 21:41

Published

03-10-2006 - 04:03

Last modified

17-10-2018 - 21:41