Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-3617 | First vendor Publication | 2006-07-18 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3617 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-19 | Embedding Scripts within Scripts |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-63 | Simple Script Injection |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
| CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-91 | XSS in IMG Tags |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 58826 | Pixelated By Lev (PBL) Guestbook pblguestbook.php Multiple Parameter XSS Pixelated by Lev (PBL) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'name,' 'message' (aka comments), 'website' and 'email' parameters upon submission to the pblguestbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:19:59 |
|
| 2024-11-28 12:09:30 |
|
| 2021-05-04 12:04:19 |
|
| 2021-04-22 01:04:56 |
|
| 2020-05-23 00:18:05 |
|
| 2018-10-18 21:20:15 |
|
| 2017-07-20 09:23:45 |
|
| 2013-05-11 11:03:24 |
|
