Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2006-2016

Date: April 25, 2006

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

Severity Score

Related Resources (17)

https://exchange.xforce.ibmcloud.com/vulnerabilities/25959
https://exchange.xforce.ibmcloud.com/vulnerabilities/25958
http://www.vupen.com/english/advisories/2006/1450
http://www.debian.org/security/2006/dsa-1057
http://secunia.com/advisories/19747
https://nvd.nist.gov/vuln/detail/CVE-2006-2016
http://www.osvdb.org/24788
http://www.osvdb.org/24789
http://secunia.com/advisories/20124
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-2016
http://www.osvdb.org/24790
http://www.osvdb.org/24793
http://www.osvdb.org/24792
http://www.osvdb.org/24794
http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
http://www.securityfocus.com/bid/17643
https://www.mend.io/vulnerability-database/CVE-2006-2016

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us