Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1144

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1144
Last Modified 07 Mar 2011 09:32:08
Published 10 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1144

Summary

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.

Vulnerable Systems

Application

  • David Ravenscroft Hithost 1.0.0


References

VUPEN - ADV-2006-0886

BUGTRAQ - 20060306 histhost v1.0.0 xss and possible rmdir

SECUNIA - 19155

XF - hithost-viewuser-deleteuser-xss(25105)

BID - 17025

OSVDB - 23758

OSVDB - 23757


Last Updated: 27 May 2016 10:41:56