Vulnerabilities > CVE-2006-0193 - Cross-Site Scripting vulnerability in H-Sphere

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

positive-software

NVD

Published: 2006-01-13

Updated: 2018-10-19

Summary

Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.

Vulnerable Configurations

Part	Description	Count
Application	Positive_Software Positive Software H Sphere 2.4.1 Positive Software H Sphere 2.4.1_Patch_1 Positive Software H Sphere 2.4.1_Patch_2 Positive Software H Sphere 2.4.1_Patch_3 Positive Software H Sphere 2.4.1_Patch_4 Positive Software H Sphere 2.4.1_Patch_5 Positive Software H Sphere 2.4.1_Patch_6 Positive Software H Sphere 2.4.1_Patch_7 Positive Software H Sphere 2.4.2 Positive Software H Sphere 2.4.2_Beta_1 Positive Software H Sphere 2.4.2_Beta_2 Positive Software H Sphere 2.4.2_Beta_3 Positive Software H Sphere 2.4.2_Patch_1 Positive Software H Sphere 2.4.2_Patch_2 Positive Software H Sphere 2.4.2_Patch_3 Positive Software H Sphere 2.4.2_Patch_4 Positive Software H Sphere 2.4.2_Patch_5 Positive Software H Sphere 2.4.2_Rc1 Positive Software H Sphere 2.4.2_Rc2 Positive Software H Sphere 2.4.3 Positive Software H Sphere 2.4.3_Beta_1 Positive Software H Sphere 2.4.3_Beta_2 Positive Software H Sphere 2.4.3_Patch_1 Positive Software H Sphere 2.4.3_Patch_2 Positive Software H Sphere 2.4.3_Patch_3 Positive Software H Sphere 2.4.3_Patch_4 Positive Software H Sphere 2.4.3_Patch_5 Positive Software H Sphere 2.4.3_Patch_6 Positive Software H Sphere 2.4.3_Patch_7 Positive Software H Sphere 2.4.3_Patch_8 Positive Software H Sphere 2.4.3_Rc1 Positive Software H Sphere 2.4.3_Rc2	32

Summary

Vulnerable Configurations

References