Vulnerability Description
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Interact | Interact | <= 2.1.1 |
References
- http://secunia.com/advisories/19488Vendor Advisory
- http://www.osvdb.org/24389
- http://www.osvdb.org/24461
- http://www.vupen.com/english/advisories/2006/1244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25652
- http://secunia.com/advisories/19488Vendor Advisory
- http://www.osvdb.org/24389
- http://www.osvdb.org/24461
- http://www.vupen.com/english/advisories/2006/1244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25652
FAQ
What is CVE-2006-1642?
CVE-2006-1642 is a vulnerability with a CVSS score of 2.6 (LOW). Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, ...
How severe is CVE-2006-1642?
CVE-2006-1642 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1642?
Check the references section above for vendor advisories and patch information. Affected products include: Interact Interact.