6.8

CVE-2006-2689

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eva-webEva-web Version <= 2.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.776
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html
http://secunia.com/advisories/20279
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/18161
http://www.vupen.com/english/advisories/2006/2048
https://exchange.xforce.ibmcloud.com/vulnerabilities/26891