CVE-2006-3643Cross-site Scripting in Microsoft IE

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
33.1%
top 3.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedAug 9
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

Patches

Patch: www.kb.cert.orgPatch: www.us-cert.govPatch: www.kb.cert.org

🔴Vulnerability Details

3
GHSA
GHSA-wqf2-hvv7-5rc4: Cross-site scripting (XSS) vulnerability in Internet Explorer 52022-05-01
CVEList
CVE-2006-3643: Cross-site scripting (XSS) vulnerability in Internet Explorer 52006-08-09
VulnCheck
Microsoft Internet Explorer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2006
CVE-2006-3643 — Cross-site Scripting in Microsoft IE | cvebase