Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3538

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-3538
Last Modified 05 Sep 2008 05:07:24
Published 12 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3538

Summary

Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field.

Vulnerable Systems

Application

  • Beatificfaith Eprayer Alpha


References

XF - eprayer-formfield-xss(27162)

MISC - http://www.youfucktard.com/xsp/eprayer2.jpg

MISC - http://www.youfucktard.com/xsp/eprayer1.jpg

BID - 18485

BUGTRAQ - 20060614 ePrayver v.Alpha - XSS


Last Updated: 27 May 2016 10:43:02