CVE-2006-6520 - Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers

CVE-2006-6520

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php.

References

Vulnerable Configurations

cpe:2.3:a:scriptphp:messageriescripthp:2.0:*:*:*:*:*:*:*
cpe:2.3:a:scriptphp:messageriescripthp:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	21513
bugtraq	20061209 Messageriescripthp V2.0 XSS & SQL Injection
secunia	23319
sreason	2026
vupen	ADV-2006-4939
xf	messageriescripthp-multiple-xss(30819)

Last major update

17-10-2018 - 21:49

Published

14-12-2006 - 01:28

Last modified

17-10-2018 - 21:49