CVE-2006-4964
Properties
- Published: 22.09.2006
- Updated: 28.09.2006
- Patch available:
- Severity: High
- CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
- Product: MAXdev: MD-Pro
Vulnerability description
Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
References:
http://jvn.jp/jp/JVN%2346630603/index.html
http://www.maxdev.com/Article605.phtml
http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml
BID: http://www.securityfocus.com/bid/20133
FRSIRT: http://www.frsirt.com/english/advisories/2006/3732
SECUNIA: http://secunia.com/advisories/22050