Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2997

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2997
Last Modified 07 Mar 2011 09:37:27
Published 12 Jun 2006 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2997

Summary

Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.

Vulnerable Systems

Application

  • Zms Publishing Zms 2.9.2


References

VUPEN - ADV-2006-2279

BUGTRAQ - 20060610 [MajorSecurity #12]ZMS<= 2.9 - XSS

MISC - http://www.majorsecurity.de/advisory/major_rls12.txt

SECTRACK - 1016275

SECUNIA - 20585

XF - zms-searchform-xss(27055)

SREASON - 1093


Last Updated: 27 May 2016 10:42:50