Vulnerability Details CVE-2006-2477
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.2%
CVSS Severity
CVSS v2 Score 4.9
References
- http://secunia.com/advisories/20143
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26544
- http://secunia.com/advisories/20143
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26544
Products affected by CVE-2006-2477
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8
-
cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0