CVE-2006-7122

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-63/advisory/	Patch
http://securityreason.com/securityalert/2360
http://www.securityfocus.com/archive/1/447356/100/0/threaded
http://www.securityfocus.com/bid/20267
https://exchange.xforce.ibmcloud.com/vulnerabilities/29266

Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-06 01:19

Updated : 2018-10-16 16:29

NVD link : CVE-2006-7122

Mitre link : CVE-2006-7122

CVE.ORG link : CVE-2006-7122

JSON object : View

Products Affected

joomla

bsq_sitestats

CWE

NVD-CWE-Other

{"id": "CVE-2006-7122", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-06T01:19:00.000", "references": [{"url": "http://secunia.com/secunia_research/2006-63/advisory/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2360", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447356/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20267", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29266", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de B\u00fasqueda de Direcci\u00f3n IP (IP Address Lookup) en BSQ Sitestats (componente para Joomla) 1.8.0, y posiblemente otras versiones anteriores a 2.2.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ip."}], "lastModified": "2018-10-16T16:29:28.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD756FB-F3A0-4782-8B7E-D8B4BC6E339C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}