CVE-2006-4442
Published Aug 29, 2006
Last updated 14 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DC0CE86-D0E7-41B2-B598-279F706DA377"
},
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F060E71-9993-4555-A7C6-644705327E8B"
},
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.91a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA314E0F-EC8F-4A62-A2A5-0B6845327F4C"
},
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4FFECA8-06FF-4982-9D0C-022245402E9D"
},
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.93:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D660BCA9-547D-4053-8A98-E23A5E947AC1"
},
{
"criteria": "cpe:2.3:a:clemens_wacha:php_iaddressbook:0.94:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBA3B611-F3D0-4E96-BA0A-EA5E92A16DBE"
}
],
"operator": "OR"
}
]
}
]