Vulnerabilities > CVE-2006-3299 - Cross-Site Scripting vulnerability in Metalheadws Usenet 0.5

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

metalheadws

exploit available

NVD

Published: 2006-06-29

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.

Vulnerable Configurations

Part	Description	Count
Application	Metalheadws Metalheadws Usenet 0.5	1

Exploit-Db

description	Usenet 0.5 Index.PHP Cross-Site Scripting Vulnerability. CVE-2006-3299. Webapps exploit for php platform
id	EDB-ID:28109
last seen	2016-02-03
modified	2006-06-23
published	2006-06-23
reporter	Luny
source	https://www.exploit-db.com/download/28109/
title	Usenet 0.5 Index.PHP Cross-Site Scripting Vulnerability

References

http://secunia.com/advisories/20872
http://securityreason.com/securityalert/1170
http://www.securityfocus.com/archive/1/438443/100/0/threaded
http://www.securityfocus.com/bid/18662
http://www.vupen.com/english/advisories/2006/2572
https://exchange.xforce.ibmcloud.com/vulnerabilities/27406