Vulnerability Details : CVE-2006-5152
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-5152
- cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5152
22.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5152
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2006-5152
-
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html
-
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html
-
http://www.securityfocus.com/archive/1/447509/100/0/threaded
-
http://www.osvdb.org/31328
-
http://www.securityfocus.com/archive/1/447574/100/0/threaded
-
http://www.securityfocus.com/archive/1/447516/100/0/threaded
Jump to