CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-3607

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 62.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://ellsec.org/print.php?type=N&item_id=141
http://www.securityfocus.com/archive/1/438705/100/200/threaded
http://www.securityfocus.com/bid/18735
https://exchange.xforce.ibmcloud.com/vulnerabilities/27460
https://exchange.xforce.ibmcloud.com/vulnerabilities/27461
http://ellsec.org/print.php?type=N&item_id=141
http://www.securityfocus.com/archive/1/438705/100/200/threaded
http://www.securityfocus.com/bid/18735
https://exchange.xforce.ibmcloud.com/vulnerabilities/27460
https://exchange.xforce.ibmcloud.com/vulnerabilities/27461

Products affected by CVE-2006-3607

Softbiz » Banner Exchange » Version: 1.0

cpe:2.3:a:softbiz:banner_exchange:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3607

Products

Pricing

Contact Us