CVE-2006-3259: XSS
First published: Tue Jun 27 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| e107 CMS | <=0.7.5 | |
| e107 CMS | =0.6_10 | |
| e107 CMS | =0.6_11 | |
| e107 CMS | =0.6_12 | |
| e107 CMS | =0.6_13 | |
| e107 CMS | =0.6_14 | |
| e107 CMS | =0.6_15 | |
| e107 CMS | =0.6_15a | |
| e107 CMS | =0.7 | |
| e107 CMS | =0.7.1 | |
| e107 CMS | =0.7.2 | |
| e107 CMS | =0.7.3 | |
| e107 CMS | =0.7.4 | |
| e107 CMS | =0.545 | |
| e107 CMS | =0.547_beta | |
| e107 CMS | =0.548_beta | |
| e107 CMS | =0.549_beta | |
| e107 CMS | =0.551_beta | |
| e107 CMS | =0.552_beta | |
| e107 CMS | =0.553_beta | |
| e107 CMS | =0.554 | |
| e107 CMS | =0.554_beta | |
| e107 CMS | =0.555_beta | |
| e107 CMS | =0.600 | |
| e107 CMS | =0.601 | |
| e107 CMS | =0.602 | |
| e107 CMS | =0.603 | |
| e107 CMS | =0.604 | |
| e107 CMS | =0.605 | |
| e107 CMS | =0.606 | |
| e107 CMS | =0.607 | |
| e107 CMS | =0.608 | |
| e107 CMS | =0.609 | |
| e107 CMS | =0.610 | |
| e107 CMS | =0.611 | |
| e107 CMS | =0.612 | |
| e107 CMS | =0.613 | |
| e107 CMS | =0.614 | |
| e107 CMS | =0.615 | |
| e107 CMS | =0.615a | |
| e107 CMS | =0.616 | |
| e107 CMS | =0.617 | |
| e107 CMS | =0.6171 | |
| e107 CMS | =0.6172 | |
| e107 CMS | =0.6173 | |
| e107 CMS | =0.6174 | |
| e107 CMS | =0.6175 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/18560
- http://secunia.com/advisories/20727
- http://www.securityfocus.com/bid/18508
- http://securityreason.com/securityalert/1151
- http://www.vupen.com/english/advisories/2006/2460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27240
- http://www.securityfocus.com/archive/1/437649/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3259?
CVE-2006-3259 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2006-3259?
To fix CVE-2006-3259, update your e107 CMS to version 0.7.6 or later where the vulnerabilities have been patched.
What are the affected versions for CVE-2006-3259?
CVE-2006-3259 affects e107 CMS versions from 0.6.10 to 0.7.5.
What types of vulnerabilities are associated with CVE-2006-3259?
CVE-2006-3259 is associated with multiple cross-site scripting (XSS) vulnerabilities.
Can CVE-2006-3259 be exploited remotely?
Yes, CVE-2006-3259 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/e107
- canonical/e107 cms
- version/e107 cms/0.7.5
- version/e107 cms/0.6_10
- version/e107 cms/0.6_11
- version/e107 cms/0.6_12
- version/e107 cms/0.6_13
- version/e107 cms/0.6_14
- version/e107 cms/0.6_15
- version/e107 cms/0.6_15a
- version/e107 cms/0.7
- version/e107 cms/0.7.1
- version/e107 cms/0.7.2
- version/e107 cms/0.7.3
- version/e107 cms/0.7.4
- version/e107 cms/0.545
- version/e107 cms/0.547_beta
- version/e107 cms/0.548_beta
- version/e107 cms/0.549_beta
- version/e107 cms/0.551_beta
- version/e107 cms/0.552_beta
- version/e107 cms/0.553_beta
- version/e107 cms/0.554
- version/e107 cms/0.554_beta
- version/e107 cms/0.555_beta
- version/e107 cms/0.600
- version/e107 cms/0.601
- version/e107 cms/0.602
- version/e107 cms/0.603
- version/e107 cms/0.604
- version/e107 cms/0.605
- version/e107 cms/0.606
- version/e107 cms/0.607
- version/e107 cms/0.608
- version/e107 cms/0.609
- version/e107 cms/0.610
- version/e107 cms/0.611
- version/e107 cms/0.612
- version/e107 cms/0.613
- version/e107 cms/0.614
- version/e107 cms/0.615
- version/e107 cms/0.615a
- version/e107 cms/0.616
- version/e107 cms/0.617
- version/e107 cms/0.6171
- version/e107 cms/0.6172
- version/e107 cms/0.6173
- version/e107 cms/0.6174
- version/e107 cms/0.6175