Vulnerabilities > CVE-2006-6649 - Cross-Site Scripting vulnerability in Hypervm

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

hypervm

NVD

Published: 2006-12-20

Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.

Vulnerable Configurations

Part	Description	Count
Application	Hypervm Hypervm Hypervm *	1

References

http://secunia.com/advisories/23413
http://securityreason.com/securityalert/2051
http://www.aria-security.com/forum/showthread.php?p=89#post89
http://www.attrition.org/pipermail/vim/2006-December/001191.html
http://www.securityfocus.com/archive/1/454704/100/0/threaded
http://www.vupen.com/english/advisories/2006/5062