CVE-2006-1392

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25427

http://www.securityfocus.com/bid/17221

http://www.osvdb.org/24521

http://www.kb.cert.org/vuls/id/337585

http://secunia.com/advisories/19348

http://pubcookie.org/news/20060306-login-secadv.html

Details

Source: Mitre, NVD

Published: 2006-03-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium