Vulnerabilities > CVE-2006-3974 - Cross-Site Scripting vulnerability in 3Com 3Cr860-95 1.04

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
3com
exploit available
NVD
Published: 2007-06-11
Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.

Vulnerable Configurations

Part Description Count
Hardware
3Com
1

Exploit-Db

description3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross Site Scripting Vulnerability. CVE-2006-3974. Remote exploit for hardware platform
idEDB-ID:30164
last seen2016-02-03
modified2007-06-08
published2007-06-08
reporterSecunia Research
sourcehttps://www.exploit-db.com/download/30164/
title3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross-Site Scripting Vulnerability

References