Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2885

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2885
Last Modified 07 Mar 2011 09:37:11
Published 07 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2885

Summary

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.

Vulnerable Systems

Application

  • Knowledgetree 3.0.3


References

XF - knowledgetree-view-simplesearch-xss(26940)

VUPEN - ADV-2006-2157

BID - 18324

OSVDB - 26180

OSVDB - 26179

SECUNIA - 20455

MISC - http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html


Last Updated: 27 May 2016 10:42:48