ID CVE-2006-1373Type cveReporter NVDModified 2017-07-19T21:30:32
Description
Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.
{"id": "CVE-2006-1373", "bulletinFamily": "NVD", "title": "CVE-2006-1373", "description": "Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.", "published": "2006-03-23T21:02:00", "modified": "2017-07-19T21:30:32", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1373", "reporter": "NVD", "references": ["http://www.vupen.com/english/advisories/2006/1054", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25386", "http://www.securityfocus.com/archive/1/archive/1/428452/100/0/threaded", "http://www.securityfocus.com/bid/17184"], "cvelist": ["CVE-2006-1373"], "type": "cve", "lastseen": "2017-07-20T10:49:10", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:php_live:php_live:3.0", "cpe:/a:php_live:php_live:2.8.1"], "cvelist": ["CVE-2006-1373"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.", "edition": 1, "enchantments": {}, "hash": "5243c204101706d3404c7c00dea9438244f6d64aa85a99e87e6b90e7e62f6974", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1d2bbfd3001895e004c0837194cf9991", "key": "description"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "f3925e9519735ba391d24a96f1b9be91", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "efbce2104caacf01dbb8abd41f4a63aa", "key": "references"}, {"hash": "02c17e7e6f1671991eb5a93956bf9960", "key": "modified"}, {"hash": "9e6327e903720a740ada2619a5c3de36", "key": "title"}, {"hash": "d5651f84c83341c13bf10e8dd2361294", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "48d071b628cf1db9d75721213daaf494", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0d4776ee285f84b4d0fab2554cc5c44c", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1373", "id": "CVE-2006-1373", "lastseen": "2016-09-03T06:40:07", "modified": "2011-03-07T21:32:54", "objectVersion": "1.2", "published": "2006-03-23T21:02:00", "references": ["http://www.vupen.com/english/advisories/2006/1054", "http://xforce.iss.net/xforce/xfdb/25386", "http://www.securityfocus.com/archive/1/archive/1/428452/100/0/threaded", "http://www.securityfocus.com/bid/17184"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-1373", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:40:07"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f3925e9519735ba391d24a96f1b9be91"}, {"key": "cvelist", "hash": "d5651f84c83341c13bf10e8dd2361294"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "1d2bbfd3001895e004c0837194cf9991"}, {"key": "href", "hash": "0d4776ee285f84b4d0fab2554cc5c44c"}, {"key": "modified", "hash": "bb74a3925ee3335020fa58e8554665a8"}, {"key": "published", "hash": "48d071b628cf1db9d75721213daaf494"}, {"key": "references", "hash": "c7a9ef81947f0245f8f1eb91c90ce311"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9e6327e903720a740ada2619a5c3de36"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "66a15fa9a153cb29e1a031ee441d4c9c4f3af72c8d6abc41b94010515a1cd8a7", "viewCount": 0, "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:php_live:php_live:3.0", "cpe:/a:php_live:php_live:2.8.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:27453", "type": "exploitdb", "title": "PHP Live! 3.0 Status_Image.PHP Cross-Site Scripting Vulnerability", "description": "PHP Live! 3.0 Status_Image.PHP Cross-Site Scripting Vulnerability. CVE-2006-1373. Webapps exploit for php platform", "published": "2006-03-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/27453/", "cvelist": ["CVE-2006-1373"], "lastseen": "2016-02-03T05:58:21"}], "osvdb": [{"id": "OSVDB:24054", "type": "osvdb", "title": "PHP Live! status_image.php base_url Variable XSS", "description": "## Manual Testing Notes\n/phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script>\n## References:\nVendor URL: http://www.phplivesupport.com/\n[Secunia Advisory ID:19340](https://secuniaresearch.flexerasoftware.com/advisories/19340/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0408.html\nFrSIRT Advisory: ADV-2006-1054\n[CVE-2006-1373](https://vulners.com/cve/CVE-2006-1373)\nBugtraq ID: 17184\n", "published": "2006-03-22T03:17:35", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:24054", "cvelist": ["CVE-2006-1373"], "lastseen": "2017-04-28T13:20:20"}]}}
