4.3
CVE-2006-4206
- EPSS 2.51%
- Veröffentlicht 17.08.2006 21:04:00
- Zuletzt bearbeitet 16.06.2026 22:28:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aspplayground.Net ≫ Aspplayground.Net Version2.4.5 Editionadvanced_and_unicode
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.51% | 0.827 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206
http://securityreason.com/securityalert/1405
http://www.osvdb.org/29232
http://www.securityfocus.com/archive/1/443035/100/0/threaded
http://www.securityfocus.com/bid/20335
https://exchange.xforce.ibmcloud.com/vulnerabilities/28352