CVE-2006-5827 - Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earli

CVE-2006-5827

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.

References

Vulnerable Configurations

cpe:2.3:a:phpcomasy:phpcomasy:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:phpcomasy:phpcomasy:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:phpcomasy:phpcomasy:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:phpcomasy:phpcomasy:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:phpcomasy:phpcomasy:0.7.9pre:*:*:*:*:*:*:*
cpe:2.3:a:phpcomasy:phpcomasy:0.7.9pre:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 20-07-2017 - 01:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	20938
bugtraq	20061106 MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues
misc	http://www.majorsecurity.de/index_2.php?major_rls=major_rls32
secunia	22760
sreason	1843
xf	phpcomasy-index-xss(30053)

Last major update

20-07-2017 - 01:34

Published

10-11-2006 - 01:07

Last modified

20-07-2017 - 01:34