CVE-2006-2066

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.nukedx.com/?viewdoc=26", "name": "http://www.nukedx.com/?viewdoc=26", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1015977", "name": "1015977", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19786", "name": "19786", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17651", "name": "17651", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/24901", "name": "24901", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/20232", "name": "20232", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/801", "name": "801", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1485", "name": "ADV-2006-1485", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/447303/100/0/threaded", "name": "20060928 Re: xxs in MKPortal M1.1", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/447195/100/0/threaded", "name": "20060927 MkPortal Cross Site Scripting (All versions) xSS", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/431759/100/0/threaded", "name": "20060421 vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2066", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-04-27T13:34Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mkportal:mkportal:1.1_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:37Z"}