Vulnerabilities > CVE-2006-5986 - Cross-Site Scripting vulnerability in Extreme CMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
extreme-cms
Summary
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |