6.8

CVE-2006-2746

Exploit

EPSS 13.54%
Veröffentlicht 01.06.2006 10:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.  NOTE: vectors 2 and 3 might be resultant from file inclusion issues.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Facile Interactive Web ≫ Facile Interactive Web Version <= 0.8.5

Facile Interactive Web ≫ Facile Interactive Web Version0.8.41

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.54%	0.939

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/20358

Vendor Advisory

Exploit

http://securityreason.com/securityalert/1010

http://www.nukedx.com/?getxpl=35

Exploit

http://www.nukedx.com/?viewdoc=35

Vendor Advisory

Exploit

http://www.securityfocus.com/archive/1/435283/100/0/threaded

http://www.vupen.com/english/advisories/2006/2036

http://www.osvdb.org/26104

http://www.osvdb.org/26105

http://www.securityfocus.com/bid/18151

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2006-2746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2746

EUVD