ID CVE-2006-1806Type cveReporter NVDModified 2018-10-18T12:36:34
Description
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.
{"id": "CVE-2006-1806", "bulletinFamily": "NVD", "title": "CVE-2006-1806", "description": "Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.", "published": "2006-04-18T06:02:00", "modified": "2018-10-18T12:36:34", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1806", "reporter": "NVD", "references": ["http://www.securityfocus.com/archive/1/441000/100/0/threaded", "http://www.securityfocus.com/bid/17545", "http://www.vupen.com/english/advisories/2006/1373", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25835", "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/27925"], "cvelist": ["CVE-2006-1806"], "type": "cve", "lastseen": "2018-10-19T11:35:58", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:musicbox:musicbox:2.3.3"], "cvelist": ["CVE-2006-1806"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.", "edition": 2, "enchantments": {"score": {"modified": "2017-07-20T10:49:13", "value": 4.3, "vector": "NONE"}}, "hash": "2efda183486ec115ed4e36df7db786346e69a75525a12b80527bd78205c59f91", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "275b94bf71c8b3c875f46fdf65872166", "key": "modified"}, {"hash": "9f77e61c93bbc5182d22cd800d931a3a", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "abfe9dc0e810c00dee7caad60355cb65", "key": "description"}, {"hash": "1cdee4130f3426464ce23554035fd8b1", "key": "references"}, {"hash": "95330a288abd68062eb4adb877e65048", "key": "title"}, {"hash": "198d90288218ca0ef88f62b0fe0c09dd", "key": "cvelist"}, {"hash": "38ee5cad418c80e4ee46ff5c4f64deda", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3de8ab4be15208e50a1308b052648437", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1806", "id": "CVE-2006-1806", "lastseen": "2017-07-20T10:49:13", "modified": "2017-07-19T21:30:55", "objectVersion": "1.3", "published": "2006-04-18T06:02:00", "references": ["http://www.securityfocus.com/bid/17545", "http://www.vupen.com/english/advisories/2006/1373", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25835", "http://www.securityfocus.com/archive/1/archive/1/441000/100/0/threaded", "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/27925"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-1806", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:13"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:musicbox:musicbox:2.3.3"], "cvelist": ["CVE-2006-1806"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.", "edition": 1, "enchantments": {}, "hash": "b5a056e09b9db4c6ab8c0ad4b5e830be1cff3e0319bf9afaa537e418767e1fc3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "9f77e61c93bbc5182d22cd800d931a3a", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "abfe9dc0e810c00dee7caad60355cb65", "key": "description"}, {"hash": "95330a288abd68062eb4adb877e65048", "key": "title"}, {"hash": "198d90288218ca0ef88f62b0fe0c09dd", "key": "cvelist"}, {"hash": "38ee5cad418c80e4ee46ff5c4f64deda", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3de8ab4be15208e50a1308b052648437", "key": "published"}, {"hash": "f01f393677564498e291fd55d437affb", "key": "references"}, {"hash": "5ef30e053d5d1e454155c29fd85a336a", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1806", "id": "CVE-2006-1806", "lastseen": "2016-09-03T06:47:16", "modified": "2011-03-07T21:34:08", "objectVersion": "1.2", "published": "2006-04-18T06:02:00", "references": ["http://xforce.iss.net/xforce/xfdb/27925", "http://www.securityfocus.com/bid/17545", "http://www.vupen.com/english/advisories/2006/1373", "http://xforce.iss.net/xforce/xfdb/25835", "http://www.securityfocus.com/archive/1/archive/1/441000/100/0/threaded", "http://pridels0.blogspot.com/2006/04/musicbox-vuln.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-1806", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:47:16"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9f77e61c93bbc5182d22cd800d931a3a"}, {"key": "cvelist", "hash": "198d90288218ca0ef88f62b0fe0c09dd"}, {"key": "cvss", "hash": "7de35a348a0562c7c2cac7b36eb3863d"}, {"key": "description", "hash": "abfe9dc0e810c00dee7caad60355cb65"}, {"key": "href", "hash": "38ee5cad418c80e4ee46ff5c4f64deda"}, {"key": "modified", "hash": "bfe6871627249e62c99e3bcc86260a8b"}, {"key": "published", "hash": "3de8ab4be15208e50a1308b052648437"}, {"key": "references", "hash": "d3a631608bd5a84bcc912d063d2f5184"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "95330a288abd68062eb4adb877e65048"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c70114b40bd84df8ec52a462de250ce4a75f32b91668162cd661aaca8685b753", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-10-19T11:35:58"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:24635"]}], "modified": "2018-10-19T11:35:58"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:musicbox:musicbox:2.3.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/index.php?in=song&term=%22%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&action=search&start=0\n## References:\nVendor URL: http://www.musicboxv2.com/\n[Secunia Advisory ID:19672](https://secuniaresearch.flexerasoftware.com/advisories/19672/)\n[Related OSVDB ID: 24636](https://vulners.com/osvdb/OSVDB:24636)\nOther Advisory URL: http://pridels.blogspot.com/2006/04/musicbox-vuln.html\nFrSIRT Advisory: ADV-2006-1373\n[CVE-2006-1806](https://vulners.com/cve/CVE-2006-1806)\nBugtraq ID: 17545\n", "modified": "2006-04-16T08:32:37", "published": "2006-04-16T08:32:37", "href": "https://vulners.com/osvdb/OSVDB:24635", "id": "OSVDB:24635", "type": "osvdb", "title": "MusicBox index.php term Variable XSS", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
