CVE-2006-0122

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://attrition.org/pipermail/vim/2006-January/000509.html
http://osvdb.org/ref/22/22247-aquifer.txt	Exploit
http://secunia.com/advisories/18326	Vendor Advisory
http://www.osvdb.org/22247	Exploit Patch
http://www.securityfocus.com/bid/16162
http://www.vupen.com/english/advisories/2006/0074

Configurations

Configuration 1 (hide)

cpe:2.3:a:aquifer_cms:aquifer_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-01-09 11:03

Updated : 2011-03-08 02:29

NVD link : CVE-2006-0122

Mitre link : CVE-2006-0122

CVE.ORG link : CVE-2006-0122

JSON object : View

Products Affected

aquifer_cms

aquifer_cms

CWE

NVD-CWE-Other

{"id": "CVE-2006-0122", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-01-09T11:03:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-January/000509.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/ref/22/22247-aquifer.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18326", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22247", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16162", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0074", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter."}], "lastModified": "2011-03-08T02:29:22.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aquifer_cms:aquifer_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB376587-855F-4BF2-A9CB-9B46C0AF34F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Vendor provided solution:\r\n\r\n\"Liquid Development has identified this vulnerability in all shipping versions of AquiferCMS and coded a software fix. The fix will be included in all releases of AquiferCMS built on or after January 24, 2006. Customers should contact Liquid Development to obtain the fix for this vulnerability. For more information visit www.aquifercms.com.\" \r\n"}