Vulnerability CVE-2006-2951

Vulnerability Name:

CVE-2006-2951 (CCN-27123)

Assigned:

2006-06-08

Published:

2006-06-08

Updated:

2018-10-18

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2006 - 04:18:50 CDT
NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

Source: MITRE
Type: CNA
CVE-2006-2951

Source: CCN
Type: SA20523
NPDS Local File Inclusion and Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Exploit, Vendor Advisory
20523

Source: SREASON
Type: UNKNOWN
1076

Source: MISC
Type: Exploit
http://www.acid-root.new.fr/advisories/npds510.txt

Source: CCN
Type: NPDS Web site
Index - NPDS

Source: OSVDB
Type: UNKNOWN
26292

Source: OSVDB
Type: UNKNOWN
26293

Source: OSVDB
Type: UNKNOWN
26294

Source: OSVDB
Type: UNKNOWN
26295

Source: OSVDB
Type: UNKNOWN
26296

Source: CCN
Type: OSVDB ID: 26292
NPDS header.php Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 26293
NPDS meta.php nuke_url Parameter XSS

Source: CCN
Type: OSVDB ID: 26294
NPDS viewforum.php forum Parameter XSS

Source: CCN
Type: OSVDB ID: 26295
NPDS editpost.php Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 26296
NPDS user.php email Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20060608 NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

Source: BID
Type: UNKNOWN
18383

Source: CCN
Type: BID-18383
NPDS Multiple Input Validation Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2233

Source: XF
Type: UNKNOWN
npds-multiple-scripts-xss(27123)

Source: XF
Type: UNKNOWN
npds-multiple-scripts-xss(27123)

Vulnerable Configuration:

Configuration 1:

cpe:/a:npds:npds:4.8:*:*:*:*:*:*:*

OR cpe:/a:npds:npds:5.0:*:*:*:*:*:*:*

OR cpe:/a:npds:npds:*:*:*:*:*:*:*:* (Version <= 5.10)

Denotes that component is vulnerable

BACK