Search...

CVE-2006-3245

2006-06-27T06:05:00

ID CVE-2006-3245
Type cve
Reporter NVD
Modified 2017-07-19T21:32:10

Description

Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-3245", "bulletinFamily": "NVD", "title": "CVE-2006-3245", "description": "Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.", "published": "2006-06-27T06:05:00", "modified": "2017-07-19T21:32:10", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3245", "reporter": "NVD", "references": ["http://www.vupen.com/english/advisories/2006/2531", "http://www.securityfocus.com/bid/18663", "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/27370"], "cvelist": ["CVE-2006-3245"], "type": "cve", "lastseen": "2017-07-20T10:49:23", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:mvnforum:mvnforum:1.0.0_rc4", "cpe:/a:mvnforum:mvnforum:1.0_ga", "cpe:/a:mvnforum:mvnforum:1.0.0_rc4_04", "cpe:/a:mvnforum:mvnforum:1.0.0_beta3", "cpe:/a:mvnforum:mvnforum:1.0.0_beta1", "cpe:/a:mvnforum:mvnforum:1.0.0_beta2", "cpe:/a:mvnforum:mvnforum:1.0.0_rc2", "cpe:/a:mvnforum:mvnforum:1.0.0_rc1", "cpe:/a:mvnforum:mvnforum:1.0.0_rc3_01"], "cvelist": ["CVE-2006-3245"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.", "edition": 1, "enchantments": {}, "hash": "ea82947567a047d5391a206147477105c8470184ea09913713291c7500f86d2a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "cfe102fbb5942561a54b3ffade5736b1", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "acfe939e291a1b021c7ecddb53e995ea", "key": "cpe"}, {"hash": "45f35cd62fc1edda9219cd6ee255f7aa", "key": "title"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "34d5d274d141ca6b98e7e2514defb3e3", "key": "href"}, {"hash": "9d5a54254f0a7130469d35a406fbea9e", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "594e57de52d8d1001581e7cd4b95fa43", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97ad115d1717e84fb60109b88dd7b323", "key": "cvelist"}, {"hash": "fceec77aa42b1ebaed7f9f70f003d8a3", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3245", "id": "CVE-2006-3245", "lastseen": "2016-09-03T07:09:42", "modified": "2011-03-07T21:38:09", "objectVersion": "1.2", "published": "2006-06-27T06:05:00", "references": ["http://www.vupen.com/english/advisories/2006/2531", "http://www.securityfocus.com/bid/18663", "http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html", "http://xforce.iss.net/xforce/xfdb/27370"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-3245", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:09:42"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "acfe939e291a1b021c7ecddb53e995ea"}, {"key": "cvelist", "hash": "97ad115d1717e84fb60109b88dd7b323"}, {"key": "cvss", "hash": "7de35a348a0562c7c2cac7b36eb3863d"}, {"key": "description", "hash": "594e57de52d8d1001581e7cd4b95fa43"}, {"key": "href", "hash": "34d5d274d141ca6b98e7e2514defb3e3"}, {"key": "modified", "hash": "392a8f05b57d692623b22b2bdcf6faff"}, {"key": "published", "hash": "fceec77aa42b1ebaed7f9f70f003d8a3"}, {"key": "references", "hash": "1c6865fdbdabcffc956cec20b687b61b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "45f35cd62fc1edda9219cd6ee255f7aa"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9cff7e924a2a387ad787a45c3fb30e5702ebe5511c1ad75e6e794124f5e4f170", "viewCount": 0, "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:mvnforum:mvnforum:1.0.0_rc4", "cpe:/a:mvnforum:mvnforum:1.0_ga", "cpe:/a:mvnforum:mvnforum:1.0.0_rc4_04", "cpe:/a:mvnforum:mvnforum:1.0.0_beta3", "cpe:/a:mvnforum:mvnforum:1.0.0_beta1", "cpe:/a:mvnforum:mvnforum:1.0.0_beta2", "cpe:/a:mvnforum:mvnforum:1.0.0_rc2", "cpe:/a:mvnforum:mvnforum:1.0.0_rc1", "cpe:/a:mvnforum:mvnforum:1.0.0_rc3_01"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"id": "OSVDB:26833", "type": "osvdb", "title": "mvnForum activatemember Multiple Variable XSS", "description": "## Manual Testing Notes\n/mvnForum/activatemember?activatecode=&member=%22%3Cscript%3Ealert('r0t')%3C/script%3E\n\n/mvnForum/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E\n## References:\nVendor URL: http://www.mvnforum.com/\n[Secunia Advisory ID:20803](https://secuniaresearch.flexerasoftware.com/advisories/20803/)\nOther Advisory URL: http://pridels.blogspot.com/2006/06/mvnforum-xss-vuln.html\nFrSIRT Advisory: ADV-2006-2531\n[CVE-2006-3245](https://vulners.com/cve/CVE-2006-3245)\nBugtraq ID: 18663\n", "published": "2006-06-24T12:34:05", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:26833", "cvelist": ["CVE-2006-3245"], "lastseen": "2017-04-28T13:20:23"}], "exploitdb": [{"id": "EDB-ID:28110", "type": "exploitdb", "title": "MVNForum Activatemember 1.0 - Cross-Site Scripting Vulnerability", "description": "MVNForum Activatemember 1.0 Cross-Site Scripting Vulnerability. CVE-2006-3245. Webapps exploit for php platform", "published": "2006-06-26T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/28110/", "cvelist": ["CVE-2006-3245"], "lastseen": "2016-02-03T07:26:47"}], "nessus": [{"id": "MVNFORUM_ACTIVATEMEMBER_XSS.NASL", "type": "nessus", "title": "mvnForum activatemember Multiple Parameter XSS", "description": "The remote host is running mvnForum, an open source, forum application based on Java J2EE. \n\nThe version of mvnForum installed on the remote host fails to sanitize user-supplied input to the 'activatecode' and 'member' parameters of the 'activatemember' script before using it to generate dynamic web content. Successful exploitation of this issue may lead to the execution of arbitrary HTML and script code in a user's browser within the context of the affected application.", "published": "2006-06-27T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21757", "cvelist": ["CVE-2006-3245"], "lastseen": "2017-10-29T13:38:33"}]}}