CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6769

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 69.9%

CVSS Severity

CVSS v2 Score 6.8

References

http://secunia.com/advisories/23488
http://securityreason.com/securityalert/2068
http://www.hackerscenter.com/archive/view.asp?id=26833
http://www.securityfocus.com/archive/1/455269/100/0/threaded
http://www.securityfocus.com/bid/21737
http://secunia.com/advisories/23488
http://securityreason.com/securityalert/2068
http://www.hackerscenter.com/archive/view.asp?id=26833
http://www.securityfocus.com/archive/1/455269/100/0/threaded
http://www.securityfocus.com/bid/21737

Products affected by CVE-2006-6769

Php Live » Php Live » Version: Any

cpe:2.3:a:php_live:php_live:*
Php Live » Php Live » Version: 2.8.1

cpe:2.3:a:php_live:php_live:2.8.1
Php Live » Php Live » Version: 3.0

cpe:2.3:a:php_live:php_live:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6769

Products

Pricing

Contact Us