CVE-2006-4543 : Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web sc

Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.

Published 2006-09-06 00:04:00

Updated 2018-10-17 21:37:33

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2006-4543

Probability of exploitation activity in the next 30 days: 0.71%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4543

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4543

Products affected by CVE-2006-4543

Hlstats » Hlstats » Version: 1.34
cpe:2.3:a:hlstats:hlstats:1.34:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-4543

Exploit prediction scoring system (EPSS) score for CVE-2006-4543

CVSS scores for CVE-2006-4543

References for CVE-2006-4543

Products affected by CVE-2006-4543