CVE-2006-3366

Exploit

EPSS 0.49%
Veröffentlicht 06.07.2006 20:05:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php.  NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

V3 Chat ≫ V3 Chat Versionbeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.64

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

http://securitytracker.com/id?1016340

Exploit

http://www.securityfocus.com/archive/1/437755/100/200/threaded

http://www.securityfocus.com/archive/1/438069/100/200/threaded

http://www.securityfocus.com/bid/18543

http://www.vupen.com/english/advisories/2006/2474

https://nvd.nist.gov/vuln/detail/CVE-2006-3366

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3366

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3366

EUVD