Vulnerability Description
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| New Atlanta Communications | Bluedragon Server | 6.2.1.286 |
| New Atlanta Communications | Bluedragon Server Jx | 6.2.1.286 |
References
- http://secunia.com/advisories/19180ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-18/advisoryExploitVendor Advisory
- http://www.securityfocus.com/bid/18623
- http://www.vupen.com/english/advisories/2006/2502
- http://secunia.com/advisories/19180ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-18/advisoryExploitVendor Advisory
- http://www.securityfocus.com/bid/18623
- http://www.vupen.com/english/advisories/2006/2502
FAQ
What is CVE-2006-2311?
CVE-2006-2311 is a vulnerability with a CVSS score of 2.6 (LOW). Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) ...
How severe is CVE-2006-2311?
CVE-2006-2311 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2311?
Check the references section above for vendor advisories and patch information. Affected products include: New Atlanta Communications Bluedragon Server, New Atlanta Communications Bluedragon Server Jx.