4.3
CVE-2006-0194
- EPSS 1.98%
- Veröffentlicht 13.01.2006 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:20:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fog Creek Software ≫ Fogbugz Version <= 4.029
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.98% | 0.78 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/18443
http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html
http://www.osvdb.org/22370
http://www.securityfocus.com/archive/1/421729/100/0/threaded
http://www.securityfocus.com/bid/16216
http://www.vupen.com/english/advisories/2006/0174
https://exchange.xforce.ibmcloud.com/vulnerabilities/24103