CVE-2006-6096

Properties

Published:
23.11.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Product:
Dotnetindex: Active News Manager

Vulnerability description

Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=116387481223790&w=2
http://www.aria-security.com/forum/showthread.php?t=33: http://www.aria-security.com/forum/showthread.php?t=33
BID: http://www.securityfocus.com/bid/21167