CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.086

EPSS Ranking 92.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
http://secunia.com/advisories/22793
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
http://www.securityfocus.com/bid/20996
http://www.vupen.com/english/advisories/2006/4485
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167
http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
http://secunia.com/advisories/22793
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
http://www.securityfocus.com/bid/20996
http://www.vupen.com/english/advisories/2006/4485
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167

Products affected by CVE-2006-6925

Bitweaver » Bitweaver » Version: 1.1

cpe:2.3:a:bitweaver:bitweaver:1.1
Bitweaver » Bitweaver » Version: 1.1.1_beta

cpe:2.3:a:bitweaver:bitweaver:1.1.1_beta
Bitweaver » Bitweaver » Version: 1.2.1

cpe:2.3:a:bitweaver:bitweaver:1.2.1
Bitweaver » Bitweaver » Version: 1.3

cpe:2.3:a:bitweaver:bitweaver:1.3
Bitweaver » Bitweaver » Version: 1.3.1

cpe:2.3:a:bitweaver:bitweaver:1.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6925

Products

Pricing

Contact Us