CVE-2006-5069

Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=full-disclosure&m=115918334930694&w=2
http://secunia.com/advisories/22071	Patch Vendor Advisory
http://securityreason.com/securityalert/1646
http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/	Patch
http://www.securityfocus.com/archive/1/446885/100/0/threaded
http://www.securityfocus.com/bid/20173	Patch
http://www.vupen.com/english/advisories/2006/3782
https://exchange.xforce.ibmcloud.com/vulnerabilities/29128

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3:4.0:::::::*

History

No history.

Information

Published : 2006-09-28 00:07

Updated : 2023-12-10 10:40

NVD link : CVE-2006-5069

Mitre link : CVE-2006-5069

CVE.ORG link : CVE-2006-5069

JSON object : View

Products Affected

typo3

typo3

CWE

NVD-CWE-Other

{"id": "CVE-2006-5069", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-09-28T00:07:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=115918334930694&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22071", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1646", "source": "cve@mitre.org"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20173", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3782", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."}, {"lang": "es", "value": "Vulnerabilidad de XSS en class.tx_indexedsearch.php en la extensi\u00f3n Indexed Search 2.9.0 para Typo3 en versiones anteriores a 4.0.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro de b\u00fasqueda."}], "lastModified": "2018-10-17T21:40:59.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9C28A4-7F2C-492D-8514-63C598DC8BA6", "versionEndIncluding": "4.0.1"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}