{"id": "CVE-2006-1361", "bulletinFamily": "NVD", "title": "CVE-2006-1361", "description": "Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.\nThis vulnerability is addressed in the following product release:\r\nOSWiki, OSWiki, 0.3.1", "published": "2006-03-23T11:06:00", "modified": "2017-07-20T01:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1361", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/25410", "http://secunia.com/advisories/19290", "http://www.securityfocus.com/bid/17189", "http://www.vupen.com/english/advisories/2006/1035", "http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/branches/0.3/oswiki/app/views/user/list.rhtml?view=log"], "cvelist": ["CVE-2006-1361"], "type": "cve", "lastseen": "2020-12-09T19:23:45", "edition": 5, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:24026"]}], "modified": "2020-12-09T19:23:45", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2020-12-09T19:23:45", "rev": 2}, "vulnersScore": 4.1}, "cpe": ["cpe:/a:oswiki:oswiki:0.3"], "affectedSoftware": [{"cpeName": "oswiki:oswiki", "name": "oswiki", "operator": "le", "version": "0.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oswiki:oswiki:0.3:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oswiki:oswiki:0.3:*:*:*:*:*:*:*", "versionEndIncluding": "0.3", "vulnerable": true}], "operator": "OR"}]}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-1361"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=403313\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/list.rhtml?r1=22&r2=21&pathrev=22\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/show.rhtml?r1=22&r2=21&pathrev=22\n[Secunia Advisory ID:19290](https://secuniaresearch.flexerasoftware.com/advisories/19290/)\nFrSIRT Advisory: ADV-2006-1035\n[CVE-2006-1361](https://vulners.com/cve/CVE-2006-1361)\nBugtraq ID: 17189\n", "modified": "2006-03-20T04:02:37", "published": "2006-03-20T04:02:37", "href": "https://vulners.com/osvdb/OSVDB:24026", "id": "OSVDB:24026", "type": "osvdb", "title": "OSWiki username Display XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}