Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3558

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3558
Last Modified 05 Sep 2008 05:07:27
Published 12 Jul 2006 08:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3558

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.

Vulnerable Systems

Application

  • Arif Supriyanto Auracms 1.62


References

BID - 18867

BUGTRAQ - 20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]>===<[XSS vulnerable]&[bug]

MISC - http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt

XF - auracms-title-xss(27704)

XF - auracms-teman-xss(27703)

OSVDB - 28202

OSVDB - 28200

SREASON - 1226


Last Updated: 27 May 2016 10:43:02