Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2678

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-2678
Last Modified 07 Mar 2011 09:36:45
Published 31 May 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2678

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.

Vulnerable Systems

Application

  • Pre Projects Pre News Manager 1.0


References

VUPEN - ADV-2006-1990

BUGTRAQ - 20060524 Pre News Manager v1.0

XF - prenewsmanager-multiple-xss(26692)

BID - 18333

OSVDB - 26072

OSVDB - 26071

OSVDB - 26070

OSVDB - 26069

OSVDB - 26068

OSVDB - 26067

OSVDB - 26066

SREASON - 996

SECUNIA - 20284


Last Updated: 27 May 2016 10:42:42