Search...

CVE-2006-1361

2006-03-23T11:06:00

ID CVE-2006-1361
Type cve
Reporter cve@mitre.org
Modified 2017-07-20T01:30:00

Description

Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. This vulnerability is addressed in the following product release: OSWiki, OSWiki, 0.3.1

JSON Vulners Source

Initial Source

{"id": "CVE-2006-1361", "bulletinFamily": "NVD", "title": "CVE-2006-1361", "description": "Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.\nThis vulnerability is addressed in the following product release:\r\nOSWiki, OSWiki, 0.3.1", "published": "2006-03-23T11:06:00", "modified": "2017-07-20T01:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1361", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/25410", "http://secunia.com/advisories/19290", "http://www.securityfocus.com/bid/17189", "http://www.vupen.com/english/advisories/2006/1035", "http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/branches/0.3/oswiki/app/views/user/list.rhtml?view=log"], "cvelist": ["CVE-2006-1361"], "type": "cve", "lastseen": "2019-05-29T18:08:31", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ef7a8bea9051cac17edcd4f6813430b2"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "d09613dee295d22ff0c589a29d8e5d21"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "1376299678e4b22a45cbb6e661929c18"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "60d29a8d203b6786e4b9aeea98fd77fd"}, {"key": "href", "hash": "c318da972ab923193ca36f2b5c0e6997"}, {"key": "modified", "hash": "6b0619a3e655794e0911204a98b14355"}, {"key": "published", "hash": "86d37aa4ccc65298eccd4b66e7afc815"}, {"key": "references", "hash": "2755fee989fd21dcfaf678487c26a8e7"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "05208ff230e61e6a28fee8d17a6f86de"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b7eee07c7a135412f482b02f9acddb9a5688a656490e942d512fe2c6f7f92214", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:24026"]}], "modified": "2019-05-29T18:08:31"}, "score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:08:31"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "oswiki oswiki", "operator": "le", "version": "0.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 0.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=403313\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/list.rhtml?r1=22&r2=21&pathrev=22\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/show.rhtml?r1=22&r2=21&pathrev=22\n[Secunia Advisory ID:19290](https://secuniaresearch.flexerasoftware.com/advisories/19290/)\nFrSIRT Advisory: ADV-2006-1035\n[CVE-2006-1361](https://vulners.com/cve/CVE-2006-1361)\nBugtraq ID: 17189\n", "modified": "2006-03-20T04:02:37", "published": "2006-03-20T04:02:37", "href": "https://vulners.com/osvdb/OSVDB:24026", "id": "OSVDB:24026", "type": "osvdb", "title": "OSWiki username Display XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}