CVE-2006-3259

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/18560	Exploit
http://secunia.com/advisories/20727	Exploit Vendor Advisory
http://www.securityfocus.com/bid/18508
http://securityreason.com/securityalert/1151
http://www.vupen.com/english/advisories/2006/2460
https://exchange.xforce.ibmcloud.com/vulnerabilities/27242
https://exchange.xforce.ibmcloud.com/vulnerabilities/27240
http://www.securityfocus.com/archive/1/437649/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:e107:e107:0.547_beta:::::::*
	cpe:2.3:a:e107:e107:0.548_beta:::::::*
	cpe:2.3:a:e107:e107:0.555_beta:::::::*
	cpe:2.3:a:e107:e107:0.6_10:::::::*
	cpe:2.3:a:e107:e107:0.600:::::::*
	cpe:2.3:a:e107:e107:0.601:::::::*
	cpe:2.3:a:e107:e107:0.609:::::::*
	cpe:2.3:a:e107:e107:0.610:::::::*
	cpe:2.3:a:e107:e107:0.616:::::::*
	cpe:2.3:a:e107:e107:0.617:::::::*
	cpe:2.3:a:e107:e107:0.7.1:::::::*
	cpe:2.3:a:e107:e107:0.551_beta:::::::*
	cpe:2.3:a:e107:e107:0.6174:::::::*
	cpe:2.3:a:e107:e107:0.549_beta:::::::*
	cpe:2.3:a:e107:e107:0.6173:::::::*
	cpe:2.3:a:e107:e107:0.7.2:::::::*
	cpe:2.3:a:e107:e107:0.606:::::::*
	cpe:2.3:a:e107:e107:0.602:::::::*
	cpe:2.3:a:e107:e107:0.6_12:::::::*
	cpe:2.3:a:e107:e107:0.553_beta:::::::*
	cpe:2.3:a:e107:e107:0.6_13:::::::*
	cpe:2.3:a:e107:e107:0.552_beta:::::::*
	cpe:2.3:a:e107:e107:0.613:::::::*
	cpe:2.3:a:e107:e107:0.604:::::::*
	cpe:2.3:a:e107:e107:0.603:::::::*
	cpe:2.3:a:e107:e107:0.614:::::::*
	cpe:2.3:a:e107:e107:0.6172:::::::*
	cpe:2.3:a:e107:e107:0.6_14:::::::*
	cpe:2.3:a:e107:e107:0.611:::::::*
	cpe:2.3:a:e107:e107:0.605:::::::*
	cpe:2.3:a:e107:e107:0.612:::::::*
	cpe:2.3:a:e107:e107:0.6171:::::::*
	cpe:2.3:a:e107:e107:0.6_11:::::::*
	cpe:2.3:a:e107:e107:0.6175:::::::*
	cpe:2.3:a:e107:e107:0.615a:::::::*
	cpe:2.3:a:e107:e107:0.6_15:::::::*
	cpe:2.3:a:e107:e107:0.7.4:::::::*
	cpe:2.3:a:e107:e107:0.607:::::::*
	cpe:2.3:a:e107:e107:0.554:::::::*
	cpe:2.3:a:e107:e107:0.545:::::::*
	cpe:2.3:a:e107:e107:0.7:::::::*
	cpe:2.3:a:e107:e107:0.554_beta:::::::*
	cpe:2.3:a:e107:e107:0.615:::::::*
	cpe:2.3:a:e107:e107:0.6_15a:::::::*
	cpe:2.3:a:e107:e107:0.608:::::::*
	cpe:2.3:a:e107:e107::::::::
	cpe:2.3:a:e107:e107:0.7.3:::::::*

Information

Published : 2006-06-27 14:05

Updated : 2018-10-18 09:46

NVD link : CVE-2006-3259

Mitre link : CVE-2006-3259

JSON object : View

CWE

NVD-CWE-Other

Products Affected

e107

e107

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/18560", "name": "18560", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20727", "name": "20727", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/18508", "name": "18508", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/1151", "name": "1151", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/2460", "name": "ADV-2006-2460", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27242", "name": "e107-subject-xss(27242)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27240", "name": "e107-search-xss(27240)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/437649/100/0/threaded", "name": "20060618 e107 v0.7.5 XSS", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3259", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-27T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:e107:e107:0.547_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.548_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.555_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.551_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.549_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.553_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.552_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.554_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.6_15a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.7.5"}, {"cpe23Uri": "cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:46Z"}

4.3 /10