4.3

CVE-2006-3259

Exploit

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

Data is provided by the National Vulnerability Database (NVD)
E107E107 Version <= 0.7.5
E107E107 Version0.6_10
E107E107 Version0.6_11
E107E107 Version0.6_12
E107E107 Version0.6_13
E107E107 Version0.6_14
E107E107 Version0.6_15
E107E107 Version0.6_15a
E107E107 Version0.7
E107E107 Version0.7.1
E107E107 Version0.7.2
E107E107 Version0.7.3
E107E107 Version0.7.4
E107E107 Version0.545
E107E107 Version0.547_beta
E107E107 Version0.548_beta
E107E107 Version0.549_beta
E107E107 Version0.551_beta
E107E107 Version0.552_beta
E107E107 Version0.553_beta
E107E107 Version0.554
E107E107 Version0.554_beta
E107E107 Version0.555_beta
E107E107 Version0.600
E107E107 Version0.601
E107E107 Version0.602
E107E107 Version0.603
E107E107 Version0.604
E107E107 Version0.605
E107E107 Version0.606
E107E107 Version0.607
E107E107 Version0.608
E107E107 Version0.609
E107E107 Version0.610
E107E107 Version0.611
E107E107 Version0.612
E107E107 Version0.613
E107E107 Version0.614
E107E107 Version0.615
E107E107 Version0.615a
E107E107 Version0.616
E107E107 Version0.617
E107E107 Version0.6171
E107E107 Version0.6172
E107E107 Version0.6173
E107E107 Version0.6174
E107E107 Version0.6175
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 6.22% 0.9
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
http://secunia.com/advisories/20727
Vendor Advisory
Exploit