Vulnerability Details : CVE-2006-2699
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-2699
- cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.5_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr5:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr5:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr6:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2699
2.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2699
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2006-2699
-
http://www.geeklog.net/index.php?topic=Security
Patch
-
http://www.vupen.com/english/advisories/2006/2050
-
http://www.securityfocus.com/archive/1/435295/100/0/threaded
-
http://securityreason.com/securityalert/993
-
http://www.securityfocus.com/bid/18154
Exploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26862
-
http://kapda.ir/advisory-336.html
Exploit;Patch;Vendor Advisory
Jump to