CVE-2006-5770

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/20895	Exploit
http://www.osvdb.org/32046
http://www.osvdb.org/32047
http://www.osvdb.org/32048
http://www.osvdb.org/32049
http://www.osvdb.org/32050
http://www.osvdb.org/32051
https://exchange.xforce.ibmcloud.com/vulnerabilities/30007
http://www.securityfocus.com/archive/1/450496/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ac4p:ac4p_mobile:*:*:*:*:*:*:*:*

Information

Published : 2006-11-06 15:07

Updated : 2018-10-17 14:44

NVD link : CVE-2006-5770

Mitre link : CVE-2006-5770

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ac4p

ac4p_mobile

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/20895", "name": "20895", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/32046", "name": "32046", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/32047", "name": "32047", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/32048", "name": "32048", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/32049", "name": "32049", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/32050", "name": "32050", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/32051", "name": "32051", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30007", "name": "mobile-index-xss(30007)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/450496/100/0/threaded", "name": "20061103 XSS in script Mobile", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5770", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-06T23:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ac4p:ac4p_mobile:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:44Z"}