Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2006-2500

Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.5%
CVSS Severity
CVSS v2 Score 6.8
Products affected by CVE-2006-2500


Contact Us

Shodan ® - All rights reserved