CVE-2006-6600

Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582	Exploit
http://secunia.com/advisories/23270	Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582	Exploit
http://secunia.com/advisories/23270	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:torrentflux:torrentflux:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-15 22:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6600

Mitre link : CVE-2006-6600

CVE.ORG link : CVE-2006-6600

JSON object : View

Products Affected

torrentflux

torrentflux

CWE

NVD-CWE-Other

6.0 /10