NVD

Id
64043  
Name
CVE-2006-5442  
Description
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-10-20  
Modified Date
2008-09-05  
Seq
2006-5442  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
333909 64043 CVE-2006-5442 1755  View
333910 64043 CVE-2006-5442 [announce] 20061013 ViewVC 1.0.3 released [SECURITY FIXES]  View
333911 64043 CVE-2006-5442 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD  View
333912 64043 CVE-2006-5442 http://www.hardened-php.net/advisory_102006.134.html  View
333913 64043 CVE-2006-5442 20061015 Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability  View
333914 64043 CVE-2006-5442 20543  View
333915 64043 CVE-2006-5442 viewvc-utf7-xss(29576)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
61063 JVNDB-2006-003329 ViewVC におけるクロスサイトスクリプティング攻撃を実行される脆弱性 ViewVC は、HTTP ヘッダまたは HTML 文書の文字セットを指定しないため、クロスサイトスクリプティング攻撃を実行される脆弱性が存在します。 CVE-2006-5442 21544 CVE-2006-5442 64043 6.8 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-003329.html 2006-10-20 2012-12-20 View