Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0938

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0938
Last Modified 27 Jul 2015 02:35:44
Published 28 Feb 2006 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0938

Summary

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

Vulnerable Systems

Application

  • Ez Publish 3.4.8

  • Ez Publish 3.5.4

  • Ez Publish 3.5.5

  • Ez Publish 3.5.6

  • Ez Publish 3.5.7

  • Ez Publish 3.5.8

  • Ez Publish 3.6.0

  • Ez Publish 3.6.1

  • Ez Publish 3.6.2

  • Ez Publish 3.6.3

  • Ez Publish 3.6.4

  • Ez Publish 3.6.5

  • Ez Publish 3.7.0

  • Ez Publish 3.7.1

  • Ez Publish 3.7.2

  • Ez Publish 3.7.3

  • Ez Systems Ez Publish 3.4.8

  • Ez Systems Ez Publish 3.5.4

  • Ez Systems Ez Publish 3.5.5

  • Ez Systems Ez Publish 3.5.6

  • Ez Systems Ez Publish 3.5.7

  • Ez Systems Ez Publish 3.5.8

  • Ez Systems Ez Publish 3.6.0

  • Ez Systems Ez Publish 3.6.1

  • Ez Systems Ez Publish 3.6.2

  • Ez Systems Ez Publish 3.6.3

  • Ez Systems Ez Publish 3.6.4

  • Ez Systems Ez Publish 3.6.5

  • Ez Systems Ez Publish 3.7.0

  • Ez Systems Ez Publish 3.7.1

  • Ez Systems Ez Publish 3.7.2

  • Ez Systems Ez Publish 3.7.3


References

BID - 16817

BUGTRAQ - 20060225 Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSSvulnerability

MISC - http://www.nukedx.com/?viewdoc=16

XF - ezpublish-referrerurl-xss(24956)

SECTRACK - 1015683


Last Updated: 27 May 2016 11:09:25