Vulnerabilities > CVE-2006-2243 - Cross-Site Scripting vulnerability in News Portal

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

web4future

NVD

Published: 2006-05-09

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.

Vulnerable Configurations

Part	Description	Count
Application	Web4Future Web4Future News Portal *	1

References

http://secunia.com/advisories/17880
http://securitytracker.com/id?1016027
http://www.osvdb.org/25287
http://www.osvdb.org/25288
https://exchange.xforce.ibmcloud.com/vulnerabilities/26259