Vulnerability Details CVE-2006-2506
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v2 Score 6.8
References
- http://securityreason.com/securityalert/930
- http://soot.shabgard.org/bugs/Sphider.txt
- http://www.osvdb.org/25573
- http://www.securityfocus.com/archive/1/434119/100/0/threaded
- http://www.securityfocus.com/bid/17997
- http://www.vupen.com/english/advisories/2006/1845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26482
- http://securityreason.com/securityalert/930
- http://soot.shabgard.org/bugs/Sphider.txt
- http://www.osvdb.org/25573
- http://www.securityfocus.com/archive/1/434119/100/0/threaded
- http://www.securityfocus.com/bid/17997
- http://www.vupen.com/english/advisories/2006/1845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26482
Products affected by CVE-2006-2506
-
cpe:2.3:a:sphider:sphider:1.3
-
cpe:2.3:a:sphider:sphider:1.3_rc1
-
cpe:2.3:a:sphider:sphider:1.3_rc2
-
cpe:2.3:a:sphider:sphider:1.3b