CVE-2006-1850 : Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitr

Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.

Published 2006-04-19 16:06:00

Updated 2017-07-20 01:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2006-1850

Probability of exploitation activity in the next 30 days: 0.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-1850

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2006-1850

Products affected by CVE-2006-1850

Skymarx Solutions » Xflow
Versions up to, including, (<=) 5.46.11
cpe:2.3:a:skymarx_solutions:xflow:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-1850

Exploit prediction scoring system (EPSS) score for CVE-2006-1850

CVSS scores for CVE-2006-1850

References for CVE-2006-1850

Products affected by CVE-2006-1850