CVE-2006-1532

Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/ref/24/24232-php_classifieds.txt
http://secunia.com/advisories/19440	Vendor Advisory
http://www.osvdb.org/24232
http://www.securityfocus.com/bid/17305
http://www.vupen.com/english/advisories/2006/1143
https://exchange.xforce.ibmcloud.com/vulnerabilities/25507
http://osvdb.org/ref/24/24232-php_classifieds.txt
http://secunia.com/advisories/19440	Vendor Advisory
http://www.osvdb.org/24232
http://www.securityfocus.com/bid/17305
http://www.vupen.com/english/advisories/2006/1143
https://exchange.xforce.ibmcloud.com/vulnerabilities/25507

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:deltascripts:php_classifieds:6.18:::::::*
	cpe:2.3:a:deltascripts:php_classifieds:6.20:::::::*

History

21 Nov 2024, 00:09

Type	Values Removed	Values Added
References	~~() http://osvdb.org/ref/24/24232-php_classifieds.txt -~~	() http://osvdb.org/ref/24/24232-php_classifieds.txt -
References	~~() http://secunia.com/advisories/19440 - Vendor Advisory~~	() http://secunia.com/advisories/19440 - Vendor Advisory
References	~~() http://www.osvdb.org/24232 -~~	() http://www.osvdb.org/24232 -
References	~~() http://www.securityfocus.com/bid/17305 -~~	() http://www.securityfocus.com/bid/17305 -
References	~~() http://www.vupen.com/english/advisories/2006/1143 -~~	() http://www.vupen.com/english/advisories/2006/1143 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25507 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25507 -

Information

Published : 2006-03-30 11:02

Updated : 2024-11-21 00:09

NVD link : CVE-2006-1532

Mitre link : CVE-2006-1532

CVE.ORG link : CVE-2006-1532

JSON object : View

Products Affected

deltascripts

php_classifieds

CWE

NVD-CWE-Other

{"id": "CVE-2006-1532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-30T11:02:00.000", "references": [{"url": "http://osvdb.org/ref/24/24232-php_classifieds.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19440", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24232", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17305", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1143", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25507", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/ref/24/24232-php_classifieds.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/19440", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/24232", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17305", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1143", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25507", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter."}], "lastModified": "2024-11-21T00:09:06.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltascripts:php_classifieds:6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B2E8AE8-3B62-472D-B3BD-AC780B2D1340"}, {"criteria": "cpe:2.3:a:deltascripts:php_classifieds:6.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63E29ACE-2333-49D0-98B4-E6535152EA8C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}