CVE-2006-6768 - Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classifie

CVE-2006-6768

Summary

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.

References

http://secunia.com/advisories/23289
http://securityreason.com/securityalert/2075
http://www.securityfocus.com/archive/1/452194/100/200/threaded
http://www.securityfocus.com/bid/21198
https://exchange.xforce.ibmcloud.com/vulnerabilities/30445

Vulnerable Configurations

cpe:2.3:a:pwp_technologies:the_classified_ad_system:*:*:*:*:*:*:*:*
cpe:2.3:a:pwp_technologies:the_classified_ad_system:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	21198
bugtraq	20061119 The Classified Ad System [multiple xss & injection sql]
secunia	23289
sreason	2075
xf	classifiedadsystem-default-xss(30445)

Last major update

17-10-2018 - 21:49

Published

27-12-2006 - 11:28

Last modified

17-10-2018 - 21:49