CVE Vulnerabilities

CVE-2006-3278

Published: Jun 28, 2006 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.

Affected Software

Name Vendor Start Version End Version
H-sphere Positive_software * 2.5.1_beta_1
H-sphere Positive_software 2.5_patch_2 2.5_patch_2
H-sphere Positive_software 2.5_rc_3 2.5_rc_3
H-sphere Positive_software 2.5 2.5
H-sphere Positive_software 2.5_patch_1 2.5_patch_1

References