6.8

CVE-2006-6925

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BitweaverBitweaver Version1.1
BitweaverBitweaver Version1.1.1_beta
BitweaverBitweaver Version1.2.1
BitweaverBitweaver Version1.3
BitweaverBitweaver Version1.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.07% 0.79
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
Vendor Advisory
Exploit
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/20996
Vendor Advisory
Exploit
http://www.vupen.com/english/advisories/2006/4485
http://secunia.com/advisories/22793
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167