CVE

Id
19717  
CVE No.
CVE-2006-3613  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.  
Phase
Assigned (20060714)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
178583 19717 CVE-2006-3613 BUGTRAQ:20060630 ezWaiter v3.0 - XSS  View
178584 19717 CVE-2006-3613 URL:http://www.securityfocus.com/archive/1/archive/1/438792/100/0/threaded  View
178585 19717 CVE-2006-3613 BID:18746  View
178586 19717 CVE-2006-3613 URL:http://www.securityfocus.com/bid/18746  View
178587 19717 CVE-2006-3613 XF:ezwaiter-input-fields-xss(27587)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
60506 JVNDB-2006-002772 Phorum における PHP リモートファイルインクルージョンの脆弱性 Phorum には、初期されていない変数に関する処理に不備があるため、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2006-3615 19717 5.1 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002772.html  View