Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2618

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2618
Last Modified 05 Sep 2008 05:05:01
Published 25 May 2006 09:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2618

Summary

Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability.

Vulnerable Systems

Application

  • Alstrasoft Webhost Directory 1.2


References

XF - hs-webhostdirectory-review-xss(26666)

XF - webhostdirectory-review-xss(26665)

MISC - http://www.sitepoint.com/forums/showthread.php?t=311969

BUGTRAQ - 20060523 AlstraSoft Web Host Directory v1.2

SREASON - 955


Last Updated: 27 May 2016 10:42:40