CVE-2006-0941

Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://evuln.com/vulns/87/summary.html	Vendor Advisory
http://www.osvdb.org/23483
http://secunia.com/advisories/19047	Vendor Advisory
http://www.securityfocus.com/bid/16857
http://securityreason.com/securityalert/557
http://www.vupen.com/english/advisories/2006/0755
https://exchange.xforce.ibmcloud.com/vulnerabilities/24901
http://www.securityfocus.com/archive/1/426985/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cynical_games:shoutlive:1.1.0:*:*:*:*:*:*:*

Information

Published : 2006-02-28 18:02

Updated : 2018-10-18 09:29

NVD link : CVE-2006-0941

Mitre link : CVE-2006-0941

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

cynical_games

shoutlive

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/87/summary.html", "name": "http://evuln.com/vulns/87/summary.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.osvdb.org/23483", "name": "23483", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/19047", "name": "19047", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/16857", "name": "16857", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/557", "name": "557", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0755", "name": "ADV-2006-0755", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24901", "name": "shoutlive-post-xss(24901)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/426985/100/0/threaded", "name": "20060307 [eVuln] ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0941", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-01T02:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cynical_games:shoutlive:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:29Z"}