Vulnerability Details CVE-2006-6389
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://securityreason.com/securityalert/2018
- http://www.osvdb.org/37047
- http://www.osvdb.org/37048
- http://www.securityfocus.com/archive/1/453428/100/0/threaded
- http://www.securityfocus.com/bid/21427
- http://securityreason.com/securityalert/2018
- http://www.osvdb.org/37047
- http://www.osvdb.org/37048
- http://www.securityfocus.com/archive/1/453428/100/0/threaded
- http://www.securityfocus.com/bid/21427
Products affected by CVE-2006-6389
-
cpe:2.3:a:ac4p:ac4p_mobile:*