Vulnerability Name:

CVE-2006-7149 (CCN-29708)

Assigned: 2006-10-20
Published: 2006-10-20
Updated: 2018-10-16
Summary: Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References: Source: CCN
Type: BugTraq Mailing List, Fri Oct 20 2006 - 05:58:29 CDT
Mambo V4.6.x vulnerabilities

Source: MITRE
Type: CNA
CVE-2006-7149

Source: SREASON
Type: UNKNOWN
2379

Source: CCN
Type: KAPDA Web site
Mambo V4.6.x vulnerabilities

Source: MISC
Type: Exploit, Vendor Advisory
http://www.kapda.ir/advisory-444.html

Source: CCN
Type: Mambo Web site
Mamboserver.com - Home

Source: CCN
Type: OSVDB ID: 31089
Mambo mod_login.php URI XSS

Source: BUGTRAQ
Type: UNKNOWN
20061020 [KAPDA::#60] Mambo V4.6.x vulnerabilities

Source: BID
Type: Vendor Advisory
20650

Source: CCN
Type: BID-20650
Mambo Multiple Input Validation Vulnerabilities

Source: XF
Type: UNKNOWN
mambo-comments-xss(29708)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:mambo:mambo:4.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo:4.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo:4.6.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mambo mambo 4.6 rc1
    mambo mambo 4.6 rc2
    mambo mambo 4.6.1