6.8
CVE-2006-4577
- EPSS 1.58%
- Veröffentlicht 31.12.2006 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:29:23
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
The Address Book ≫ The Address Book Version1.04e
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.58% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/21694
http://secunia.com/secunia_research/2006-76/advisory/
http://www.securityfocus.com/bid/21870
http://osvdb.org/32564
http://osvdb.org/32565
http://osvdb.org/32566
https://exchange.xforce.ibmcloud.com/vulnerabilities/31240
https://exchange.xforce.ibmcloud.com/vulnerabilities/31247