CVE-2006-3956

Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21296	Vendor Advisory
http://securityreason.com/securityalert/1317
http://www.osvdb.org/27629
http://www.securityfocus.com/archive/1/441532/100/0/threaded
http://www.securityfocus.com/bid/19226
http://www.vupen.com/english/advisories/2006/3061
https://exchange.xforce.ibmcloud.com/vulnerabilities/28069

Configurations

Configuration 1 (hide)

cpe:2.3:a:total_online_solutions:advanced_webhost_billing_system:2.2.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-08-01 21:04

Updated : 2024-02-28 10:42

NVD link : CVE-2006-3956

Mitre link : CVE-2006-3956

CVE.ORG link : CVE-2006-3956

JSON object : View

Products Affected

total_online_solutions

advanced_webhost_billing_system

CWE

NVD-CWE-Other

{"id": "CVE-2006-3956", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-01T21:04:00.000", "references": [{"url": "http://secunia.com/advisories/21296", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1317", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27629", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/441532/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19226", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3061", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28069", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en contact.php en Advanced Webhost Billing System (AWBS) 2.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) Name, (2) AccountUsername y (3) Message."}], "lastModified": "2018-10-17T21:32:32.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:total_online_solutions:advanced_webhost_billing_system:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EFF6355-308F-4608-B742-1182E1BD1716"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}