ID CVE-2006-2874Type cveReporter cve@mitre.orgModified 2017-07-20T01:31:00
Description
Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments.
{"id": "CVE-2006-2874", "bulletinFamily": "NVD", "title": "CVE-2006-2874", "description": "Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a \"Security Leak to lock in HTML-Code,\" possibly due to a cross-site scripting (XSS) vulnerability involving comments.", "published": "2006-06-06T20:06:00", "modified": "2017-07-20T01:31:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2874", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/20441", "http://www.securityfocus.com/bid/18280", "http://sourceforge.net/project/shownotes.php?release_id=422081", "https://exchange.xforce.ibmcloud.com/vulnerabilities/26914", "http://www.vupen.com/english/advisories/2006/2143", "http://osads.sourceforge.net/viewtopic.php?t=3"], "cvelist": ["CVE-2006-2874"], "type": "cve", "lastseen": "2019-05-29T18:08:32", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "aa8d6a583640d402bad89319a0deb62f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "3697a1f5a132d427f182d76f0d730f6e"}, {"key": "cpe23", "hash": "ed997686c5db5f1f0b6b897a1fb194ca"}, {"key": "cvelist", "hash": "8c63b240dc99c1144f2f7234c0ef8c74"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "1376299678e4b22a45cbb6e661929c18"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "ac8f4f2f60890cbdfc2cc1ed21e3bf93"}, {"key": "href", "hash": "7c2ffb39c3f276559a61864a0a616c2b"}, {"key": "modified", "hash": "772385440fbfe774ea23f6f8ee34966e"}, {"key": "published", "hash": "db2b6b4ec5fd26e7259f7ba6b9e7a440"}, {"key": "references", "hash": "60acdb96ff5f1c20ab5f828fc52a7b68"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "c9ff51e5b25d9e16d3a8d57d20773c8d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "56a3feeab30cc1fe1c08e232a8a84c9f8fcca7a963a8dea8cb39f4d29ea1755b", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:25984"]}], "modified": "2019-05-29T18:08:32"}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-05-29T18:08:32"}, "vulnersScore": 6.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:osads_alliance_database:osads_alliance_database:1.2", "cpe:/a:osads_alliance_database:osads_alliance_database:1.1", "cpe:/a:osads_alliance_database:osads_alliance_database:1.3"], "affectedSoftware": [{"name": "osads_alliance_database osads_alliance_database", "operator": "eq", "version": "1.2"}, {"name": "osads_alliance_database osads_alliance_database", "operator": "eq", "version": "1.1"}, {"name": "osads_alliance_database osads_alliance_database", "operator": "eq", "version": "1.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:osads_alliance_database:osads_alliance_database:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:osads_alliance_database:osads_alliance_database:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:osads_alliance_database:osads_alliance_database:1.2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://osads.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=422081\n[Secunia Advisory ID:20441](https://secuniaresearch.flexerasoftware.com/advisories/20441/)\nFrSIRT Advisory: ADV-2006-2143\n[CVE-2006-2874](https://vulners.com/cve/CVE-2006-2874)\nBugtraq ID: 18280\n", "modified": "2006-06-03T10:05:21", "published": "2006-06-03T10:05:21", "href": "https://vulners.com/osvdb/OSVDB:25984", "id": "OSVDB:25984", "type": "osvdb", "title": "OSADS Board Comment Body XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
