Vulnerabilities > CVE-2006-0194 - Cross-Site Scripting vulnerability in Fog Creek Software FogBugz Default.ASP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Fog Creek Software FogBugz 4.0 29 Default.ASP Cross-Site Scripting Vulnerability. CVE-2006-0194. Webapps exploit for asp platform |
id | EDB-ID:27071 |
last seen | 2016-02-03 |
modified | 2006-01-12 |
published | 2006-01-12 |
reporter | M.Neset KABAKLI |
source | https://www.exploit-db.com/download/27071/ |
title | Fog Creek Software FogBugz 4.0 29 Default.ASP Cross-Site Scripting Vulnerability |
References
- http://secunia.com/advisories/18443
- http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html
- http://www.osvdb.org/22370
- http://www.securityfocus.com/archive/1/421729/100/0/threaded
- http://www.securityfocus.com/bid/16216
- http://www.vupen.com/english/advisories/2006/0174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24103