Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-3312
Last Modified: 13 Sep 2013 01:13:19
Published: 29 Jun 2006 03:05:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-3312

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.

Vulnerable Systems

Application

  • QaTraq 6.5


References

CONFIRM - http://www.testmanagement.com/

BID - 18620

BUGTRAQ - 20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities

OSVDB - 27616

OSVDB - 27615

OSVDB - 27614

OSVDB - 27613

OSVDB - 27612

OSVDB - 27611

OSVDB - 27610

OSVDB - 27609

OSVDB - 27608

OSVDB - 27607

OSVDB - 27606

OSVDB - 27605

OSVDB - 27601

OSVDB - 27600

OSVDB - 27599

VIM - 20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)

SECTRACK - 1016381

MISC - http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt

XF - qatraq-multiple-xss(27355)

OSVDB - 27604

OSVDB - 27603

OSVDB - 27602

SREASON - 1169


Last Updated: 27 May 2016 10:42:57