CVE-2006-1980

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html
http://secunia.com/advisories/19717	Vendor Advisory
http://www.osvdb.org/24759
http://www.securityfocus.com/bid/17626	Exploit
http://www.vupen.com/english/advisories/2006/1445
https://exchange.xforce.ibmcloud.com/vulnerabilities/25947
http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html
http://secunia.com/advisories/19717	Vendor Advisory
http://www.osvdb.org/24759
http://www.securityfocus.com/bid/17626	Exploit
http://www.vupen.com/english/advisories/2006/1445
https://exchange.xforce.ibmcloud.com/vulnerabilities/25947

Configurations

Configuration 1 (hide)

cpe:2.3:a:w2b:online_banking:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:10

Type	Values Removed	Values Added
References	~~() http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html -~~	() http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html -
References	~~() http://secunia.com/advisories/19717 - Vendor Advisory~~	() http://secunia.com/advisories/19717 - Vendor Advisory
References	~~() http://www.osvdb.org/24759 -~~	() http://www.osvdb.org/24759 -
References	~~() http://www.securityfocus.com/bid/17626 - Exploit~~	() http://www.securityfocus.com/bid/17626 - Exploit
References	~~() http://www.vupen.com/english/advisories/2006/1445 -~~	() http://www.vupen.com/english/advisories/2006/1445 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25947 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25947 -

Information

Published : 2006-04-21 22:02

Updated : 2024-11-21 00:10

NVD link : CVE-2006-1980

Mitre link : CVE-2006-1980

CVE.ORG link : CVE-2006-1980

JSON object : View

Products Affected

w2b

online_banking

CWE

NVD-CWE-Other

{"id": "CVE-2006-1980", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-04-21T22:02:00.000", "references": [{"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19717", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24759", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17626", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1445", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947", "source": "cve@mitre.org"}, {"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/19717", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/24759", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17626", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1445", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter."}, {"lang": "es", "value": "Vulnerabilidad de guiones en sitios cruzados en W2B Online Banking permite a atacantes remotos inyectar guiones web o HTML de su elecci\u00f3n mediante (1) la cadena de consulta, (2) el par\u00e1metro SID, o (3) el par\u00e1metro ilang."}], "lastModified": "2024-11-21T00:10:14.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:w2b:online_banking:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35775085-7B5F-4E5C-8730-65795A34D347"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}