Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1230

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1230
Last Modified 13 Sep 2011 12:00:00
Published 14 Mar 2006 02:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1230

Summary

Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.

Vulnerable Systems

Application

  • Belchior Foundry Vcard 2.6

  • Belchior Foundry Vcard 2.8

  • Belchior Foundry Vcard 2.9


References

XF - vcard-create-xss(25181)

VUPEN - ADV-2006-0945

BID - 22819

BID - 17073

BUGTRAQ - 20070304 XSS Remote In vCard 2.6 (c)2002

BUGTRAQ - 20060527 multiple Xss exploits in : vCard 2.9

BUGTRAQ - 20060311 XSS in vCard

OSVDB - 23838

SECTRACK - 1016183

SECUNIA - 19216


Last Updated: 27 May 2016 10:41:58