{"id": "CVE-2006-1575", "bulletinFamily": "NVD", "title": "CVE-2006-1575", "description": "Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.", "published": "2006-04-02T17:04:00", "modified": "2017-07-19T21:30:43", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1575", "reporter": "NVD", "references": ["http://evuln.com/vulns/113/description.html", "http://securityreason.com/securityalert/699", "http://www.securityfocus.com/bid/17335", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25546", "http://www.securityfocus.com/archive/1/archive/1/430741/100/0/threaded"], "cvelist": ["CVE-2006-1575"], "type": "cve", "lastseen": "2017-07-20T10:49:12", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:vscripts.pl:qlnews:1.2"], "cvelist": ["CVE-2006-1575"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.", "edition": 1, "enchantments": {}, "hash": "c1ced2f3561f4d751c951407e6a208d206c30b3216be4f1e1f14b6430e10504a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "4f11271bdab8bab8b16fb99cd4d032a4", "key": "description"}, {"hash": "45953cdfbc74442aee145fce2f3662c5", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "441029acf11346cdfe99aae5fc3cd50c", "key": "references"}, {"hash": "077efd33886bcae20cc9a696c5686fec", "key": "href"}, {"hash": "21300b340d2304447f95098ebf1bab97", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a8730b53b36aedc40b264c55fa5c3408", "key": "cpe"}, {"hash": "233d46285541ad019594410206086c08", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "d6fca805bfef5157872b0c85bc073064", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1575", "id": "CVE-2006-1575", "lastseen": "2016-09-03T06:43:22", "modified": "2008-09-05T17:02:17", "objectVersion": "1.2", "published": "2006-04-02T17:04:00", "references": ["http://evuln.com/vulns/113/description.html", "http://securityreason.com/securityalert/699", "http://xforce.iss.net/xforce/xfdb/25546", "http://www.securityfocus.com/bid/17335", "http://www.securityfocus.com/archive/1/archive/1/430741/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-1575", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:43:22"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a8730b53b36aedc40b264c55fa5c3408"}, {"key": "cvelist", "hash": "d6fca805bfef5157872b0c85bc073064"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "4f11271bdab8bab8b16fb99cd4d032a4"}, {"key": "href", "hash": "077efd33886bcae20cc9a696c5686fec"}, {"key": "modified", "hash": "72f5df65bed77dfc6a12c301cdb35dd8"}, {"key": "published", "hash": "21300b340d2304447f95098ebf1bab97"}, {"key": "references", "hash": "98649e415bfc89aa834d0e42a37f8daf"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "45953cdfbc74442aee145fce2f3662c5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "064120c4033b63a314e4f438a5467a4d69f38b1070791a8a6e8469f7db905c2a", "viewCount": 0, "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:vscripts.pl:qlnews:1.2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"id": "OSVDB:24290", "type": "osvdb", "title": "QLnews news.php Multiple Variable XSS", "description": "## Vulnerability Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.vscripts.pl/\n[Secunia Advisory ID:19479](https://secuniaresearch.flexerasoftware.com/advisories/19479/)\n[Related OSVDB ID: 24291](https://vulners.com/osvdb/OSVDB:24291)\nOther Advisory URL: http://evuln.com/vulns/113/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0230.html\nKeyword: EV0113\nISS X-Force ID: 25546\n[CVE-2006-1575](https://vulners.com/cve/CVE-2006-1575)\nBugtraq ID: 17335\n", "published": "2006-03-30T02:02:35", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:24290", "cvelist": ["CVE-2006-1575"], "lastseen": "2017-04-28T13:20:21"}]}}