Details of VAR-200612-0251

ID

VAR-200612-0251

CVE

CVE-2006-4727

TITLE

Tumbleweed EMF Administration Module of emfadmin/statusView.do Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2006-003152

DESCRIPTION

Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters

Trust: 1.71

sources: NVD: CVE-2006-4727 // JVNDB: JVNDB-2006-003152 // VULHUB: VHN-20835

AFFECTED PRODUCTS

vendor:	tumbleweed	model:	email firewall	scope:	eq	version:	6.2.2_build_4123	Trust: 1.0
vendor:	tumbleweed	model:	email firewall	scope:	lt	version:	6.2.2 build 4123 and 6.3.2	Trust: 0.8

sources: JVNDB: JVNDB-2006-003152 // NVD: CVE-2006-4727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4727
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-4727
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200712-418
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-20835
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4727
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-20835
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-20835 // JVNDB: JVNDB-2006-003152 // CNNVD: CNNVD-200712-418 // NVD: CVE-2006-4727

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-20835 // JVNDB: JVNDB-2006-003152 // NVD: CVE-2006-4727

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-418

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200712-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003152

PATCH

title:	Top Page	url:	http://www.axway.com/	Trust: 0.8
title:	Tumbleweed EMF Administration Module Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175110	Trust: 0.6

sources: JVNDB: JVNDB-2006-003152 // CNNVD: CNNVD-200712-418

EXTERNAL IDS

db:	NVD	id:	CVE-2006-4727	Trust: 2.5
db:	OSVDB	id:	28722	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003152	Trust: 0.8
db:	XF	id:	42392	Trust: 0.6
db:	CNNVD	id:	CNNVD-200712-418	Trust: 0.6
db:	BID	id:	83654	Trust: 0.1
db:	VULHUB	id:	VHN-20835	Trust: 0.1

sources: VULHUB: VHN-20835 // JVNDB: JVNDB-2006-003152 // CNNVD: CNNVD-200712-418 // NVD: CVE-2006-4727

REFERENCES

url:	http://osvdb.org/ref/28/28722-tumbleweed-emf.txt	Trust: 1.7
url:	http://www.osvdb.org/28722	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/42392	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4727	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4727	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/42392	Trust: 0.6

sources: VULHUB: VHN-20835 // JVNDB: JVNDB-2006-003152 // CNNVD: CNNVD-200712-418 // NVD: CVE-2006-4727

SOURCES

db:	VULHUB	id:	VHN-20835
db:	JVNDB	id:	JVNDB-2006-003152
db:	CNNVD	id:	CNNVD-200712-418
db:	NVD	id:	CVE-2006-4727

LAST UPDATE DATE

2025-04-10T23:21:49.019000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-20835	date:	2017-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2006-003152	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200712-418	date:	2021-12-20T00:00:00
db:	NVD	id:	CVE-2006-4727	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-20835	date:	2006-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2006-003152	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200712-418	date:	2006-12-31T00:00:00
db:	NVD	id:	CVE-2006-4727	date:	2006-12-31T05:00:00