CVE-2006-6925

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

Basic Data

Published: January 13, 2007
Last Modified: July 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
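    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Bitweaver | Bitweaver | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Bitweaver | Bitweaver | 1.1.1_beta | * | * | * | * | * | * | * | | | |
    2.3 | Application | Bitweaver | Bitweaver | 1.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Bitweaver | Bitweaver | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Bitweaver | Bitweaver | 1.3.1 | * | * | * | * | * | * | * | | | |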

Vulnerable Software List

Vendor | Product | Versions
Bitweaver | Bitweaver | 1.1, 1.1.1_beta, 1.2.1, 1.3, 1.3.1

References

Name | Source | URL | Tags
20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)] | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html | Exploit, Vendor Advisory
22793 | SECUNIA | http://secunia.com/advisories/22793 | Vendor Advisory
2144 | SREASON | http://securityreason.com/securityalert/2144 |
20988 | BID | http://www.securityfocus.com/bid/20988 | Exploit, Vendor Advisory
20996 | BID | http://www.securityfocus.com/bid/20996 | Exploit, Vendor Advisory
ADV-2006-4485 | VUPEN | http://www.vupen.com/english/advisories/2006/4485 |
bitweaver-edit-post-xss(30167) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/30167 |