CVE-2006-5626 - Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content

CVE-2006-5626

Summary

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number. This vulnerability is addressed in the following product update: phpFaber, phpFaber Content Management System, 1.3.36 20061026

References

Vulnerable Configurations

cpe:2.3:a:phpfaber:phpfaber_content_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:phpfaber:phpfaber_content_management_system:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	20821
bugtraq	20061026 phpFaber CMS Cross Site Scripting
misc	http://www.vigilon.com/advisories/vg-phpfaber-24-10-2006.txt http://www.vigilon.com/resources/102506c.html
secunia	22629
sreason	1802
vupen	ADV-2006-4260

Last major update

17-10-2018 - 21:44

Published

31-10-2006 - 20:07

Last modified

17-10-2018 - 21:44