CVE-2006-6649 - Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote att

CVE-2006-6649

Summary

Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.

References

Vulnerable Configurations

cpe:2.3:a:hypervm:hypervm:*:*:*:*:*:*:*:*
cpe:2.3:a:hypervm:hypervm:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20061217 HyperVM Cross-Site Scripting
misc	http://www.aria-security.com/forum/showthread.php?p=89#post89
secunia	23413
sreason	2051
vim	20061219 Possible HyperVM vendor dispute - but of severity or existence?
vupen	ADV-2006-5062

Last major update

17-10-2018 - 21:49

Published

20-12-2006 - 02:28

Last modified

17-10-2018 - 21:49