CVE-2006-7023 - Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inje

CVE-2006-7023

Summary

Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.

References

http://securityreason.com/securityalert/2251
http://www.securityfocus.com/archive/1/436691/30/4500/threaded
http://www.securityfocus.com/archive/1/469825/100/100/threaded
http://www.securityfocus.com/bid/18361
https://exchange.xforce.ibmcloud.com/vulnerabilities/27167

Vulnerable Configurations

cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	18361
bugtraq	20060610 fx-APP Version 0.0.8.1 20070528 Re: fx-APP Version 0.0.8.1
sreason	2251
xf	fxapp-search-profile-addmenu-xss(27167)

Last major update

16-10-2018 - 16:29

Published

15-02-2007 - 02:28

Last modified

16-10-2018 - 16:29