CVE-2006-1854 (CNNVD-200604-295)
中文标题:
BluePay Manager 跨站脚本漏洞
英文标题:
Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote ...
漏洞描述
中文描述:
BluePay Manager 2.0 及早期版本中存在跨站脚本漏洞。这使得远程攻击者可以借助于字段(1) Account Name and (2) Username在登陆时注入任意Web脚本或HTML。注:厂商对此漏洞存有争议,称"在Bluepay 2.0中不不存在此漏洞"并且早期版本也可能没有受此影响。截至2006年5月12日,CVE并没有对此争议进行正式调查。
英文描述:
Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| bluepay | bluepay_manager | * | - | - |
cpe:2.3:a:bluepay:bluepay_manager:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
AV:N/AC:H/Au:N/C:N/I:P/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-1854 |
2025-11-11 15:17:41 | 2025-11-11 07:32:33 |
| NVD | nvd_CVE-2006-1854 |
2025-11-11 14:51:48 | 2025-11-11 07:41:18 |
| CNNVD | cnnvd_CNNVD-200604-295 |
2025-11-11 15:08:50 | 2025-11-11 07:49:06 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 跨站脚本
- cnnvd_id: 未提取 -> CNNVD-200604-295
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
- cvss_score: 未提取 -> 2.6
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:N/C:N/I:P/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']