Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2425

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2425
Last Modified 07 Mar 2011 09:36:11
Published 17 May 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2425

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.

Vulnerable Systems

Application

  • Phpremoteview 2003-10-23


References

VUPEN - ADV-2006-1844

BID - 17994

BUGTRAQ - 20060516 PhpRemoteView Multiple Xss Vulnerabilities

MISC - http://soot.shabgard.org/bugs/phpremoteview.txt

XF - phpremoteview-prv-xss(26473)

OSVDB - 25572

SREASON - 902

SECUNIA - 20141


Last Updated: 27 May 2016 10:42:28