Vulnerability Description
Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxdev | Md-Pro | <= 1.0.76 |
References
- http://jvn.jp/jp/JVN%2346630603/index.html
- http://secunia.com/advisories/22050 (Patch, Vendor Advisory)
- http://www.maxdev.com/Article605.phtml (Patch, URL Repurposed)
- http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_ (Patch, URL Repurposed)
- http://www.securityfocus.com/bid/20133 (Patch)
- http://www.vupen.com/english/advisories/2006/3732
FAQ
What is CVE-2006-4964?
CVE-2006-4964 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms...
How severe is CVE-2006-4964?
CVE-2006-4964 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4964?
Check the references section above for vendor advisories and patch information. Affected products include: Maxdev Md-Pro.