CVE-2006-1393: XSS
First published: Sun Mar 26 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| University Of Washington Pubcookie | =3.3.0 | |
| University Of Washington Pubcookie | =3.2.0 | |
| University Of Washington Pubcookie | =3.2.1a | |
| University Of Washington Pubcookie | =3.1.0 | |
| University Of Washington Pubcookie | =3.0.0 | |
| University Of Washington Pubcookie | =3.1.1 | |
| University Of Washington Pubcookie | =3.2.1 | |
| University of Washington Pubcookie | =3.0.0 | |
| University of Washington Pubcookie | =3.1.0 | |
| University of Washington Pubcookie | =3.1.1 | |
| University of Washington Pubcookie | =3.2.0 | |
| University of Washington Pubcookie | =3.2.1 | |
| University of Washington Pubcookie | =3.2.1a | |
| University of Washington Pubcookie | =3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-1393?
The severity of CVE-2006-1393 is considered high due to its potential for remote code execution through cross-site scripting.
How do I fix CVE-2006-1393?
To fix CVE-2006-1393, upgrade to University of Washington Pubcookie version 3.2.1b or later.
Which versions of Pubcookie are affected by CVE-2006-1393?
CVE-2006-1393 affects Pubcookie versions 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 prior to 3.2.1b, and 3.3 prior to 3.3.0a.
What types of vulnerabilities are associated with CVE-2006-1393?
CVE-2006-1393 is associated with multiple cross-site scripting (XSS) vulnerabilities.
Can CVE-2006-1393 be exploited without user interaction?
Yes, CVE-2006-1393 can potentially be exploited by attackers without user interaction, allowing them to inject scripts.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/university of washington
- canonical/university of washington pubcookie
- version/university of washington pubcookie/3.3.0
- version/university of washington pubcookie/3.2.0
- version/university of washington pubcookie/3.2.1a
- version/university of washington pubcookie/3.1.0
- version/university of washington pubcookie/3.0.0
- version/university of washington pubcookie/3.1.1
- version/university of washington pubcookie/3.2.1