Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eva-Web | Eva-Web | <= 2.1.2 |
References
- http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html
- http://secunia.com/advisories/20279ExploitVendor Advisory
- http://www.securityfocus.com/bid/18161
- http://www.vupen.com/english/advisories/2006/2048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26891
- http://pridels0.blogspot.com/2006/05/eva-web-212-vuln.html
- http://secunia.com/advisories/20279ExploitVendor Advisory
- http://www.securityfocus.com/bid/18161
- http://www.vupen.com/english/advisories/2006/2048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26891
FAQ
What is CVE-2006-2689?
CVE-2006-2689 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.ph...
How severe is CVE-2006-2689?
CVE-2006-2689 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2689?
Check the references section above for vendor advisories and patch information. Affected products include: Eva-Web Eva-Web.