Vulnerabilities > CVE-2006-0946 - Cross-Site Scripting vulnerability in Thomson SpeedTouch 500 Series

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

thomson

exploit available

NVD

Published: 2006-03-01

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.

Vulnerable Configurations

Part	Description	Count
Hardware	Thomson Thomson Speedtouch 516_5.3.2.6.0 Thomson Speedtouch 530_5.3.2.6.0 Thomson Speedtouch 536_5.3.2.6.0 Thomson Speedtouch 546_5.3.2.6.0 Thomson Speedtouch 576_5.3.2.6.0 Thomson Speedtouch 580_5.3.2.6.0 Thomson Speedtouch 585_5.3.2.6.0	7

Exploit-Db

description	Thomson SpeedTouch 500 Series LocalNetwork Page name Parameter XSS. CVE-2006-0946. Remote exploit for hardware platform
id	EDB-ID:27320
last seen	2016-02-03
modified	2006-02-25
published	2006-02-25
reporter	Preben Nylokken
source	https://www.exploit-db.com/download/27320/
title	Thomson SpeedTouch 500 Series LocalNetwork Page name Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References