Computer Security

CVE-2006-4543
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2006-4543
StatusCandidate
DescriptionCross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
SeverityHigh
CVSS score7
CVSS vector(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
PhaseAssigned (05.09.2006)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4543
ReferencesBID : 19771
 BUGTRAQ : 20060830 XSS in HLstats 1.34
 SECUNIA : 21635
SecurityVulns:Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server