PT-2006-3895 · Unknown · Chemical Dictionary
Luny
·
Published
2006-06-13
·
Updated
2018-10-18
·
CVE-2006-2988
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Chemical Dictionary (affected versions not specified)
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
keyword parameter in a browse action.Recommendations
For all affected versions, consider restricting access to the
dictionary.php file until a patch is available. As a temporary workaround, avoid using the keyword parameter in the browse action to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Chemical Dictionary