Vulnerabilities > CVE-2006-1544 - Cross-Site Scripting vulnerability in Vscripts Vnews 1.2

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

vscripts

NVD

Published: 2006-03-30

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters.

Vulnerable Configurations

Part	Description	Count
Application	Vscripts Vscripts Vnews 1.2	1

References

http://secunia.com/advisories/19435
http://www.evuln.com/vulns/112
http://www.osvdb.org/24275
http://www.securityfocus.com/archive/1/430674/100/0/threaded
http://www.securityfocus.com/bid/17317
http://www.vupen.com/english/advisories/2006/1173
https://exchange.xforce.ibmcloud.com/vulnerabilities/25530