ID CVE-2006-3245 Type cve Reporter cve@mitre.org Modified 2017-07-20T01:32:00
Description
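Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters. The scanner plugin in the record below flags a host when the member value comes back unencoded inside the value attribute of the activation form's member field, which points to missing output encoding of these request parameters when the page is rendered. That plugin lists its solution as "Unknown at this time.", so a fixed version should be confirmed with the vendor rather than taken from this record.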
{"exploitdb": [{"lastseen": "2016-02-03T07:26:47", "description": "MVNForum Activatemember 1.0 Cross-Site Scripting Vulnerability. CVE-2006-3245. Webapps exploit for php platform", "published": "2006-06-26T00:00:00", "type": "exploitdb", "title": "MVNForum Activatemember 1.0 - Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3245"], "modified": "2006-06-26T00:00:00", "id": "EDB-ID:28110", "href": "https://www.exploit-db.com/exploits/28110/", "sourceData": "source: http://www.securityfocus.com/bid/18663/info\r\n\r\nmvnForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. \r\n\r\nAn attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nThis issue affects version 1.0 GA; other versions may also be vulnerable.\r\n\r\nExample http://www.example.com/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/28110/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3245"], "edition": 1, "description": "## Manual Testing Notes\n/mvnForum/activatemember?activatecode=&member=%22%3Cscript%3Ealert('r0t')%3C/script%3E\n\n/mvnForum/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E\n## References:\nVendor URL: http://www.mvnforum.com/\n[Secunia Advisory ID:20803](https://secuniaresearch.flexerasoftware.com/advisories/20803/)\nOther Advisory URL: http://pridels.blogspot.com/2006/06/mvnforum-xss-vuln.html\nFrSIRT Advisory: ADV-2006-2531\n[CVE-2006-3245](https://vulners.com/cve/CVE-2006-3245)\nBugtraq ID: 18663\n", 
"modified": "2006-06-24T12:34:05", "published": "2006-06-24T12:34:05", "href": "https://vulners.com/osvdb/OSVDB:26833", "id": "OSVDB:26833", "type": "osvdb", "title": "mvnForum activatemember Multiple Variable XSS", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-20T12:16:05", "description": "The remote host is running mvnForum, an open source, forum application\nbased on Java J2EE. \n\nThe version of mvnForum installed on the remote host fails to sanitize\nuser-supplied input to the 'activatecode' and 'member' parameters of\nthe 'activatemember' script before using it to generate dynamic web\ncontent. Successful exploitation of this issue may lead to the\nexecution of arbitrary HTML and script code in a user's browser within\nthe context of the affected application.", "edition": 25, "published": "2006-06-27T00:00:00", "title": "mvnForum activatemember Multiple Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3245"], "modified": "2006-06-27T00:00:00", "cpe": ["cpe:/a:mvnforum:mvnforum"], "id": "MVNFORUM_ACTIVATEMEMBER_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/21757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21757);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2006-3245\");\n script_bugtraq_id(18663);\n\n script_name(english:\"mvnForum activatemember Multiple Parameter XSS\");\n script_summary(english:\"Checks for an XSS flaw in mvnForum's activatemember script\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a Java application that is affected by\nseveral cross-site scripting issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running mvnForum, an open source, forum application\nbased on Java J2EE. 
\n\nThe version of mvnForum installed on the remote host fails to sanitize\nuser-supplied input to the 'activatecode' and 'member' parameters of\nthe 'activatemember' script before using it to generate dynamic web\ncontent. Successful exploitation of this issue may lead to the\nexecution of arbitrary HTML and script code in a user's browser within\nthe context of the affected application.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/06/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/06/24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mvnforum:mvnforum\");\nscript_end_attributes();\n\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n \n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\n\nport = get_http_port(default:80, embedded: 
0);\nif (get_kb_item(\"www/\"+port+\"/generic_xss\")) exit(0);\n\n# A simple alert.\nxss = string('\"', \"><script>alert('\", SCRIPT_NAME, \"')</script>\");\nexss = urlencode(str:xss);\n\n# Loop through various directories.\nif (thorough_tests) dirs = list_uniq(make_list(\"/mvnforum\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (dirs)\n{\n # Try to exploit the issue.\n w = http_send_recv3(method:\"GET\", \n item:string(\n dir, \"/activatemember?\",\n \"activatecode=&\",\n \"member=\", urlencode(str:xss)\n ),\n port:port\n );\n if (isnull(w)) exit(1, \"The web server on port \"+port+\" did not answer\");\n res = w[2];\n\n # There's a problem if...\n if (\n # it looks like mvnForum and...\n 'form action=\"activatememberprocess\"' >< res &&\n # we see our XSS.\n string('name=\"member\" value=\"', xss) >< res\n )\n {\n security_note(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}]}