2.6

CVE-2006-5791

EPSS 0.56%
Veröffentlicht 07.11.2006 23:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stefan Ritt ≫ Elog Web Logbook Version <= 2.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.674

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/23580

http://www.debian.org/security/2006/dsa-1242

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016

http://secunia.com/advisories/22638

Vendor Advisory

http://www.vupen.com/english/advisories/2006/4315

http://www.securityfocus.com/bid/20881

http://www.securityfocus.com/bid/20882

https://exchange.xforce.ibmcloud.com/vulnerabilities/29986

https://nvd.nist.gov/vuln/detail/CVE-2006-5791

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5791

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5791

EUVD