Published: 31/05/2006 Updated: 20/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 695

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eva-web eva-web

source: wwwsecurityfocuscom/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context o ...

source: wwwsecurityfocuscom/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of ...

source: wwwsecurityfocuscom/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context ...

NVD-CWE-Other http://secunia.com/advisories/20279 http://www.securityfocus.com/bid/18161 http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html http://www.vupen.com/english/advisories/2006/2048 https://exchange.xforce.ibmcloud.com/vulnerabilities/26891 https://nvd.nist.gov https://www.exploit-db.com/exploits/27921/

CVE-2006-2689

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect