CVE-2006-4577

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.

Published: Dec 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4577
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
the_address_book / the_address_book	1.04e	1.04e.x

http://osvdb.org/32564
http://osvdb.org/32565
http://osvdb.org/32566
http://secunia.com/advisories/21694
http://secunia.com/secunia_research/2006-76/advisory/
http://www.securityfocus.com/bid/21870
https://exchange.xforce.ibmcloud.com/vulnerabilities/31240
https://exchange.xforce.ibmcloud.com/vulnerabilities/31247

Vulnerability Database

290,278

CVE-2006-4577