Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stefan Ritt | Elog Web Logbook | <= 2.6.2 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
- http://secunia.com/advisories/22638Vendor Advisory
- http://secunia.com/advisories/23580
- http://www.debian.org/security/2006/dsa-1242
- http://www.securityfocus.com/bid/20881
- http://www.securityfocus.com/bid/20882
- http://www.vupen.com/english/advisories/2006/4315
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29986
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
- http://secunia.com/advisories/22638Vendor Advisory
- http://secunia.com/advisories/23580
- http://www.debian.org/security/2006/dsa-1242
- http://www.securityfocus.com/bid/20881
- http://www.securityfocus.com/bid/20882
- http://www.vupen.com/english/advisories/2006/4315
FAQ
What is CVE-2006-5791?
CVE-2006-5791 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is no...
How severe is CVE-2006-5791?
CVE-2006-5791 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5791?
Check the references section above for vendor advisories and patch information. Affected products include: Stefan Ritt Elog Web Logbook.