CVE-2006-6153 - Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote

CVE-2006-6153

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.

References

http://s-a-p.ca/index.php?page=OurAdvisories&id=47
http://www.securityfocus.com/bid/21190
http://securitytracker.com/id?1017259
http://secunia.com/advisories/22987
http://securityreason.com/securityalert/1926
https://exchange.xforce.ibmcloud.com/vulnerabilities/30446
http://www.securityfocus.com/archive/1/452179/100/100/threaded

Vulnerable Configurations

cpe:2.3:a:vspin.net:classified_system:2004:*:*:*:*:*:*:*
cpe:2.3:a:vspin.net:classified_system:2004:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	21190
bugtraq	20061119 Classified System [injection sql]
misc	http://s-a-p.ca/index.php?page=OurAdvisories&id=47
sectrack	1017259
secunia	22987
sreason	1926
xf	classifiedsystem-catsearch-xss(30446)

Last major update

14-02-2024 - 01:17

Published

28-11-2006 - 23:28

Last modified

14-02-2024 - 01:17