CVE-2006-1969

medium

Description

Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25940

http://www.vupen.com/english/advisories/2006/1440

http://www.securityfocus.com/bid/17628

http://www.osvdb.org/24763

http://secunia.com/advisories/19695

http://pridels0.blogspot.com/2006/04/portal-pack-6-xss-vuln.html

Details

Source: Mitre, NVD

Published: 2006-04-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00507