Vulnerability Description
Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webexceluk | P.A.I.D | 2.2 |
References
- http://secunia.com/advisories/20601Vendor Advisory
- http://securityreason.com/securityalert/1108
- http://www.securityfocus.com/archive/1/436650/100/0/threaded
- http://www.vupen.com/english/advisories/2006/2304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27157
- http://secunia.com/advisories/20601Vendor Advisory
- http://securityreason.com/securityalert/1108
- http://www.securityfocus.com/archive/1/436650/100/0/threaded
- http://www.vupen.com/english/advisories/2006/2304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27157
FAQ
What is CVE-2006-3060?
CVE-2006-3060 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) ...
How severe is CVE-2006-3060?
CVE-2006-3060 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3060?
Check the references section above for vendor advisories and patch information. Affected products include: Webexceluk P.A.I.D.