Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2006-3377
Last Modified: 07 Mar 2011 09:38:29
Published: 06 Jul 2006 04:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-3377

Summary

Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.

Vulnerable Systems

Application

  • JMB Software AutoRank PHP 3.02

  • JMB Software AutoRank Pro 5.01


References

VUPEN - ADV-2006-2659

VUPEN - ADV-2006-2658

MISC - http://www.majorsecurity.de/advisory/major_rls19.txt

SECTRACK - 1016429

SECTRACK - 1016428

SECUNIA - 20903

XF - autorankpro-adminmain-xss(27552)

BID - 18796

BUGTRAQ - 20060702 [MajorSecurity #19] AutoRank <= 5.01 - Multiple XSS and cookie disclosure

SECUNIA - 20929


Last Updated: 27 May 2016 10:42:58