6.8

CVE-2006-2951

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NpdsNpds Version <= 5.10
NpdsNpds Version4.8
NpdsNpds Version5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.798
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/20523
Vendor Advisory
Exploit
http://securityreason.com/securityalert/1076
http://www.acid-root.new.fr/advisories/npds510.txt
Exploit
http://www.securityfocus.com/archive/1/436442/100/0/threaded
http://www.vupen.com/english/advisories/2006/2233
Vendor Advisory
http://www.osvdb.org/26292
http://www.osvdb.org/26293
http://www.osvdb.org/26294
http://www.osvdb.org/26295
http://www.osvdb.org/26296
http://www.securityfocus.com/bid/18383
https://exchange.xforce.ibmcloud.com/vulnerabilities/27123