Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpnews | Phpnews | 1.3 |
References
- http://secunia.com/advisories/23214Vendor Advisory
- http://securityreason.com/securityalert/1994
- http://www.securityfocus.com/archive/1/453321/100/0/threaded
- http://www.securityfocus.com/bid/21404Vendor Advisory
- http://www.vupen.com/english/advisories/2006/4826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30664
- http://secunia.com/advisories/23214Vendor Advisory
- http://securityreason.com/securityalert/1994
- http://www.securityfocus.com/archive/1/453321/100/0/threaded
- http://www.securityfocus.com/bid/21404Vendor Advisory
- http://www.vupen.com/english/advisories/2006/4826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30664
FAQ
What is CVE-2006-6356?
CVE-2006-6356 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) ...
How severe is CVE-2006-6356?
CVE-2006-6356 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6356?
Check the references section above for vendor advisories and patch information. Affected products include: Phpnews Phpnews.