CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6386

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://drupal.org/node/101540
http://secunia.com/advisories/23261
http://www.securityfocus.com/bid/21455
http://www.vupen.com/english/advisories/2006/4870
https://exchange.xforce.ibmcloud.com/vulnerabilities/30748
http://drupal.org/node/101540
http://secunia.com/advisories/23261
http://www.securityfocus.com/bid/21455
http://www.vupen.com/english/advisories/2006/4870
https://exchange.xforce.ibmcloud.com/vulnerabilities/30748

Products affected by CVE-2006-6386

Drupal » Cvs Management And Tracker » Version: 4.7_1.0

cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_1.0
Drupal » Cvs Management And Tracker » Version: 4.7_2.0

cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6386

Products

Pricing

Contact Us