| Vulnerability Name: | CVE-2006-2419 (CCN-28669) | ||||||||
| Assigned: | 2006-05-15 | ||||||||
| Published: | 2006-05-15 | ||||||||
| Updated: | 2011-03-08 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. The vulnerability has been confirmed in the latest available version of this product. Other versions may also be affected. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2419 Source: CCN Type: PHP Directory Listing Script Web site PHP Directory Listing Script- Evoluted New Media Source: MISC Type: Exploit http://kiki91.altervista.org/exploit/dir.txt Source: CCN Type: SA20118 Directory Listing Script "dir" Cross-Site Scripting Vulnerability Source: SECUNIA Type: Exploit, Vendor Advisory 20118 Source: CCN Type: OSVDB ID: 25534 Directory Listing Script index.php dir Parameter XSS Source: VUPEN Type: UNKNOWN ADV-2006-1803 Source: XF Type: UNKNOWN directory-listing-index-xss(28669) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||