Vulnerabilities > CVE-2006-2991 - Cross-Site Scripting vulnerability in Ringlink 3.2

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ringlink

NVD

Published: 2006-06-13

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi.

Vulnerable Configurations

Part	Description	Count
Application	Ringlink Ringlink Ringlink 3.2	1

References

http://secunia.com/advisories/20590
http://securityreason.com/securityalert/1082
http://www.osvdb.org/26318
http://www.osvdb.org/26319
http://www.osvdb.org/26320
http://www.securityfocus.com/archive/1/436690/100/0/threaded
http://www.securityfocus.com/bid/18360
http://www.vupen.com/english/advisories/2006/2281
https://exchange.xforce.ibmcloud.com/vulnerabilities/27053