Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1854

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1854
Last Modified 03 Nov 2008 01:17:37
Published 19 Apr 2006 12:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1854

Summary

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute.

Vulnerable Systems

Application

  • Bluepay Manager 2.0


References

MISC - http://pridels0.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html


Last Updated: 27 May 2016 10:42:14