Vulnerability Details CVE-2006-2084
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://securityreason.com/securityalert/812
- http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt
- http://www.securityfocus.com/archive/1/432109/100/0/threaded
- http://www.securityfocus.com/bid/17701
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26097
- http://securityreason.com/securityalert/812
- http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt
- http://www.securityfocus.com/archive/1/432109/100/0/threaded
- http://www.securityfocus.com/bid/17701
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26097
Products affected by CVE-2006-2084
-
cpe:2.3:a:farsinews:farsinews:*
-
cpe:2.3:a:farsinews:farsinews:2.1
-
cpe:2.3:a:farsinews:farsinews:2.1_beta2
-
cpe:2.3:a:farsinews:farsinews:2.5