CVE-2006-2066

Published Apr 27, 2006

Last updated 6 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mkportal:mkportal:1.1_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28D48A2C-A60A-4200-B091-3E90F0AECC4A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-2066
http://secunia.com/advisories/19786
http://securityreason.com/securityalert/801
http://securitytracker.com/id?1015977
http://www.nukedx.com/?viewdoc=26
http://www.osvdb.org/24901
http://www.securityfocus.com/archive/1/431759/100/0/threaded
http://www.securityfocus.com/archive/1/447195/100/0/threaded
http://www.securityfocus.com/archive/1/447303/100/0/threaded
http://www.securityfocus.com/bid/17651
http://www.securityfocus.com/bid/20232
http://www.vupen.com/english/advisories/2006/1485

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References