Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Address Book | The Address Book | 1.04e |
References
- http://osvdb.org/32564
- http://osvdb.org/32565
- http://osvdb.org/32566
- http://secunia.com/advisories/21694ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-76/advisory/ExploitVendor Advisory
- http://www.securityfocus.com/bid/21870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31247
- http://osvdb.org/32564
- http://osvdb.org/32565
- http://osvdb.org/32566
- http://secunia.com/advisories/21694ExploitVendor Advisory
- http://secunia.com/secunia_research/2006-76/advisory/ExploitVendor Advisory
- http://www.securityfocus.com/bid/21870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31240
FAQ
What is CVE-2006-4577?
CVE-2006-4577 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3...
How severe is CVE-2006-4577?
CVE-2006-4577 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4577?
Check the references section above for vendor advisories and patch information. Affected products include: The Address Book The Address Book.