Vulnerability Description
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
CVSS Score
5.1
MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Six Offene Systeme Gmbh | Sixcms | <= 6.0 |
References
- http://secunia.com/advisories/20655Vendor Advisory
- http://securityreason.com/securityalert/1101
- http://securitytracker.com/id?1016282Exploit
- http://www.majorsecurity.de/advisory/major_rls17.txtExploitVendor Advisory
- http://www.securityfocus.com/archive/1/437047/100/0/threaded
- http://www.securityfocus.com/archive/1/437639/100/0/threaded
- http://www.securityfocus.com/bid/18393Exploit
- http://www.vupen.com/english/advisories/2006/2386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27108
- http://secunia.com/advisories/20655Vendor Advisory
- http://securityreason.com/securityalert/1101
- http://securitytracker.com/id?1016282Exploit
- http://www.majorsecurity.de/advisory/major_rls17.txtExploitVendor Advisory
- http://www.securityfocus.com/archive/1/437047/100/0/threaded
- http://www.securityfocus.com/archive/1/437639/100/0/threaded
FAQ
What is CVE-2006-3051?
CVE-2006-3051 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
How severe is CVE-2006-3051?
CVE-2006-3051 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3051?
Check the references section above for vendor advisories and patch information. Affected products include: Six Offene Systeme Gmbh Sixcms.