CVE-2006-6928 - Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject a

CVE-2006-6928

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.

References

http://secunia.com/advisories/23049
http://securityreason.com/securityalert/2143
http://www.securityfocus.com/archive/1/452112/100/0/threaded
http://www.securityfocus.com/bid/21191
http://www.vupen.com/english/advisories/2006/4630
https://exchange.xforce.ibmcloud.com/vulnerabilities/30425

Vulnerable Configurations

cpe:2.3:a:grandora:rialto:1.6:*:*:*:*:*:*:*
cpe:2.3:a:grandora:rialto:1.6:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	21191
bugtraq	20061120 Rialto 1.6[admin login bypass & multiples injections sql]
secunia	23049
sreason	2143
vupen	ADV-2006-4630
xf	rialto-multiple-scripts-xss(30425)

Last major update

16-10-2018 - 16:29

Published

13-01-2007 - 02:28

Last modified

16-10-2018 - 16:29