Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1233

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1233
Last Modified 07 Mar 2011 09:32:30
Published 14 Mar 2006 02:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1233

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.

Vulnerable Systems

Application

  • Mikael Software Wmnews


References

VUPEN - ADV-2006-0939

BID - 17076

BUGTRAQ - 20060312 WMNews Cross Site Scripting

SECUNIA - 19204

MISC - http://biyosecurity.be/bugs/wmnews.txt

XF - wmnews-multiple-scripts-xss(25210)

OSVDB - 23842

OSVDB - 23841

OSVDB - 23840


Last Updated: 27 May 2016 10:41:58