3.5

CVE-2006-0657

EPSS 0.39%
Veröffentlicht 13.02.2006 11:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php.  NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Softcomplex ≫ Php Event Calendar Version1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.573

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://evuln.com/vulns/63/summary.html

Vendor Advisory

http://secunia.com/advisories/18792

Vendor Advisory

http://securityreason.com/securityalert/442

http://www.osvdb.org/23071

http://www.osvdb.org/23072

http://www.securityfocus.com/bid/16588

http://www.vupen.com/english/advisories/2006/0507

https://exchange.xforce.ibmcloud.com/vulnerabilities/24523

https://nvd.nist.gov/vuln/detail/CVE-2006-0657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0657

EUVD