CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1233

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://biyosecurity.be/bugs/wmnews.txt
http://secunia.com/advisories/19204
http://www.osvdb.org/23840
http://www.osvdb.org/23841
http://www.osvdb.org/23842
http://www.securityfocus.com/archive/1/427479/100/0/threaded
http://www.securityfocus.com/bid/17076
http://www.vupen.com/english/advisories/2006/0939
https://exchange.xforce.ibmcloud.com/vulnerabilities/25210
http://biyosecurity.be/bugs/wmnews.txt
http://secunia.com/advisories/19204
http://www.osvdb.org/23840
http://www.osvdb.org/23841
http://www.osvdb.org/23842
http://www.securityfocus.com/archive/1/427479/100/0/threaded
http://www.securityfocus.com/bid/17076
http://www.vupen.com/english/advisories/2006/0939
https://exchange.xforce.ibmcloud.com/vulnerabilities/25210

Products affected by CVE-2006-1233

Mikael Software » Wmnews » Version: Any

cpe:2.3:a:mikael_software:wmnews:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1233

Products

Pricing

Contact Us