Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3061

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3061
Last Modified 07 Mar 2011 12:00:00
Published 19 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3061

Summary

Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.

Vulnerable Systems

Application

  • Review-script.com Five Star Review Script


References

XF - fivestarreview-profile-xss(27192)

XF - fivestarreview-searchreviews-xss(27190)

XF - fivestarreview-report-xss(27189)

XF - fivestarreview-index2-xss(27188)

VUPEN - ADV-2006-2346

BID - 18390

BUGTRAQ - 20060611 5 Star Review - review-script.com - XSS w/ cookie output

OSVDB - 26499

OSVDB - 26498

OSVDB - 26497

OSVDB - 26496

SREASON - 1107

SECUNIA - 20613


Last Updated: 27 May 2016 10:42:52