Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2084

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2084
Last Modified 03 Jan 2013 12:00:00
Published 29 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2084

Summary

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

Vulnerable Systems

Application

  • Farsinews 2.1

  • Farsinews 2.1 Beta2

  • Farsinews 2.5

  • Farsinews 2.5.3 Pro


References

BUGTRAQ - 20060426 XXS Attack On FarsiNews

MISC - http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt

XF - farsinews-index-admin-xss(26097)

BID - 17701

SREASON - 812


Last Updated: 27 May 2016 11:01:32