Home > Vulnerability Database > CVE-2006-5791

Mend.io Vulnerability Database

CVE-2006-5791

Date: November 7, 2006

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.

Severity Score

3.7

Related Resources (11)

Url: http://www.securityfocus.com/bid/20881

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-5791

Url: http://www.securityfocus.com/bid/20882

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/29986

Url: http://www.debian.org/security/2006/dsa-1242

Url: http://secunia.com/advisories/22638

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016

Url: http://secunia.com/advisories/23580

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-5791

Url: http://www.vupen.com/english/advisories/2006/4315

Url: https://www.mend.io/vulnerability-database/CVE-2006-5791

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-5791

Date: November 7, 2006

Severity Score

Related Resources (11)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?