CVE-2006-4577

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-76/advisory/	Exploit Vendor Advisory
http://secunia.com/advisories/21694	Exploit Vendor Advisory
http://www.securityfocus.com/bid/21870
http://osvdb.org/32564
http://osvdb.org/32566
http://osvdb.org/32565
https://exchange.xforce.ibmcloud.com/vulnerabilities/31247
https://exchange.xforce.ibmcloud.com/vulnerabilities/31240

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*

Information

Published : 2006-12-30 21:00

Updated : 2017-07-19 18:33

NVD link : CVE-2006-4577

Mitre link : CVE-2006-4577

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

the_address_book

the_address_book

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-76/advisory/", "name": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/21694", "name": "21694", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21870", "name": "21870", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/32564", "name": "32564", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/32566", "name": "32566", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/32565", "name": "32565", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31247", "name": "theaddressbook-index-search-xss(31247)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31240", "name": "theaddressbook-multiple-scripts-xss(31240)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4577", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}