Vulnerabilities > CVE-2006-2799 - Cross-Site Scripting vulnerability in ToendaCMS

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

toenda-software-development

NVD

Published: 2006-06-03

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. Successful exploitation requires that the user is running a browser that has not URL-encoded the request (e.g. Internet Explorer).

Vulnerable Configurations

Part	Description	Count
Application	Toenda_Software_Development Toenda Software Development Toendacms 0.6 Toenda Software Development Toendacms 0.6.1 Toenda Software Development Toendacms 0.6.2.1 Toenda Software Development Toendacms 0.6_Beta_1 Toenda Software Development Toendacms 0.6_Beta_2 Toenda Software Development Toendacms 0.6_Beta_3 Toenda Software Development Toendacms 0.6_Pre-Beta Toenda Software Development Toendacms *	8

Summary

Vulnerable Configurations

References