CVE-2006-2925

medium

Description

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26978

http://www.vupen.com/english/advisories/2006/2183

http://www.ingate.com/relnote-441.php

http://securitytracker.com/id?1016245

http://securitytracker.com/id?1016244

http://secunia.com/advisories/20479

Details

Source: Mitre, NVD

Published: 2006-06-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00669