CVE-2006-3259 : Detail

CVE-2006-3259

1.04%V3
Network
2006-06-27
19h00 +00:00
2018-10-18
12h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 28063

Publication date : 2006-06-18 22h00 +00:00
Author : securityconnection
EDB Verified : Yes

source: https://www.securityfocus.com/bid/18508/info e107 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. http://www.example.com/search.php?q=&r=0&s=Search&in=1&ex=1&ep= %27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript% 3E&be=1&t=1&adv=1&type=all&on=new&time=any&author=
Exploit Database EDB-ID : 28078

Publication date : 2006-06-20 22h00 +00:00
Author : EllipSiS Security
EDB Verified : Yes

source: https://www.securityfocus.com/bid/18560/info The e107 CMS is prone to an HTML-injection vulnerability. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site when the inserted data is viewed. In Submit comment: Subject: '><script>alert(/XSS/)</script>

Products Mentioned

Configuraton 0

E107>>E107 >> Version To (including) 0.7.5

E107>>E107 >> Version 0.6_10

    E107>>E107 >> Version 0.6_11

      E107>>E107 >> Version 0.6_12

        E107>>E107 >> Version 0.6_13

          E107>>E107 >> Version 0.6_14

            E107>>E107 >> Version 0.6_15

              E107>>E107 >> Version 0.6_15a

                E107>>E107 >> Version 0.7

                E107>>E107 >> Version 0.7.1

                E107>>E107 >> Version 0.7.2

                E107>>E107 >> Version 0.7.3

                E107>>E107 >> Version 0.7.4

                E107>>E107 >> Version 0.545

                  E107>>E107 >> Version 0.547_beta

                    E107>>E107 >> Version 0.548_beta

                      E107>>E107 >> Version 0.549_beta

                        E107>>E107 >> Version 0.551_beta

                          E107>>E107 >> Version 0.552_beta

                            E107>>E107 >> Version 0.553_beta

                              E107>>E107 >> Version 0.554

                                E107>>E107 >> Version 0.554_beta

                                  E107>>E107 >> Version 0.555_beta

                                    E107>>E107 >> Version 0.600

                                    E107>>E107 >> Version 0.601

                                    E107>>E107 >> Version 0.602

                                    E107>>E107 >> Version 0.603

                                    E107>>E107 >> Version 0.604

                                    E107>>E107 >> Version 0.605

                                    E107>>E107 >> Version 0.606

                                    E107>>E107 >> Version 0.607

                                    E107>>E107 >> Version 0.608

                                    E107>>E107 >> Version 0.609

                                    E107>>E107 >> Version 0.610

                                    E107>>E107 >> Version 0.611

                                    E107>>E107 >> Version 0.612

                                    E107>>E107 >> Version 0.613

                                    E107>>E107 >> Version 0.614

                                    E107>>E107 >> Version 0.615

                                    E107>>E107 >> Version 0.615a

                                    E107>>E107 >> Version 0.616

                                    E107>>E107 >> Version 0.617

                                    E107>>E107 >> Version 0.6171

                                    E107>>E107 >> Version 0.6172

                                    E107>>E107 >> Version 0.6173

                                    E107>>E107 >> Version 0.6174

                                    E107>>E107 >> Version 0.6175

                                    References

                                    http://secunia.com/advisories/20727
                                    Tags : third-party-advisory, x_refsource_SECUNIA
                                    http://www.securityfocus.com/bid/18508
                                    Tags : vdb-entry, x_refsource_BID
                                    http://www.vupen.com/english/advisories/2006/2460
                                    Tags : vdb-entry, x_refsource_VUPEN
                                    http://www.securityfocus.com/bid/18560
                                    Tags : vdb-entry, x_refsource_BID
                                    http://securityreason.com/securityalert/1151
                                    Tags : third-party-advisory, x_refsource_SREASON