CVE - CVE-2006-3312

CVE-ID
CVE-2006-3312	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18620 URL:http://www.securityfocus.com/bid/18620 BUGTRAQ:20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities URL:http://www.securityfocus.com/archive/1/438151/100/0/threaded CONFIRM:http://www.testmanagement.com/ MISC:http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt OSVDB:27599 URL:~~http://www.osvdb.org/27599~~ (Obsolete source) OSVDB:27600 URL:~~http://www.osvdb.org/27600~~ (Obsolete source) OSVDB:27601 URL:~~http://www.osvdb.org/27601~~ (Obsolete source) OSVDB:27602 URL:~~http://www.osvdb.org/27602~~ (Obsolete source) OSVDB:27603 URL:~~http://www.osvdb.org/27603~~ (Obsolete source) OSVDB:27604 URL:~~http://www.osvdb.org/27604~~ (Obsolete source) OSVDB:27605 URL:~~http://www.osvdb.org/27605~~ (Obsolete source) OSVDB:27606 URL:~~http://www.osvdb.org/27606~~ (Obsolete source) OSVDB:27607 URL:~~http://www.osvdb.org/27607~~ (Obsolete source) OSVDB:27608 URL:~~http://www.osvdb.org/27608~~ (Obsolete source) OSVDB:27609 URL:~~http://www.osvdb.org/27609~~ (Obsolete source) OSVDB:27610 URL:~~http://www.osvdb.org/27610~~ (Obsolete source) OSVDB:27611 URL:~~http://www.osvdb.org/27611~~ (Obsolete source) OSVDB:27612 URL:~~http://www.osvdb.org/27612~~ (Obsolete source) OSVDB:27613 URL:~~http://www.osvdb.org/27613~~ (Obsolete source) OSVDB:27614 URL:~~http://www.osvdb.org/27614~~ (Obsolete source) OSVDB:27615 URL:~~http://www.osvdb.org/27615~~ (Obsolete source) OSVDB:27616 URL:~~http://www.osvdb.org/27616~~ (Obsolete source) SECTRACK:1016381 URL:http://securitytracker.com/id?1016381 SREASON:1169 URL:http://securityreason.com/securityalert/1169 VIM:20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd) URL:http://www.attrition.org/pipermail/vim/2006-August/000969.html XF:qatraq-multiple-xss(27355) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27355
Assigning CNA
MITRE Corporation
Date Record Created
20060629	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060629)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)