Search...

CVE-2006-4608

2006-09-06T20:04:00

ID CVE-2006-4608
Type cve
Reporter NVD
Modified 2017-10-10T21:31:14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-4608", "bulletinFamily": "NVD", "title": "CVE-2006-4608", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.", "published": "2006-09-06T20:04:00", "modified": "2017-10-10T21:31:14", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4608", "reporter": "NVD", "references": ["http://securityreason.com/securityalert/1499", "http://www.securityfocus.com/archive/1/archive/1/502637/100/0/threaded", "http://www.attrition.org/pipermail/vim/2009-April/002167.html", "http://www.securityfocus.com/bid/19818", "https://www.exploit-db.com/exploits/8425", "http://www.securityfocus.com/archive/1/archive/1/445007/100/0/threaded"], "cvelist": ["CVE-2006-4608"], "type": "cve", "lastseen": "2017-10-11T11:06:46", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:longino:jacome_php-revista:1.1.2"], "cvelist": ["CVE-2006-4608"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.", "edition": 1, "enchantments": {}, "hash": "1ed576975d55f8cd043d85799ca256173e1ed48caa0b0d7aff208c93b5a7342b", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "67f7e79c36c79708156028e85a848eee", "key": "title"}, {"hash": "caa8b23103c8f2b125e0a1ef7fecd804", "key": "published"}, {"hash": "9746b44bc79c00fc8a58c22392ca8f86", "key": "modified"}, {"hash": "665f54c1fd5caceec877c5902ba38f4f", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d63a0b552235492d81c2e16a9987508f", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "754b13d2158fdd493b790d1a2d26ba03", "key": "cpe"}, {"hash": "c82ad2bc9029174fea75f62802ca2faf", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "8eae7d30b0d8d692637202994724bce1", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4608", "id": "CVE-2006-4608", "lastseen": "2016-09-03T07:30:53", "modified": "2009-04-18T01:06:32", "objectVersion": "1.2", "published": "2006-09-06T20:04:00", "references": ["http://securityreason.com/securityalert/1499", "http://www.milw0rm.com/exploits/8425", "http://www.securityfocus.com/archive/1/archive/1/502637/100/0/threaded", "http://www.attrition.org/pipermail/vim/2009-April/002167.html", "http://www.securityfocus.com/bid/19818", "http://www.securityfocus.com/archive/1/archive/1/445007/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4608", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:30:53"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "754b13d2158fdd493b790d1a2d26ba03"}, {"key": "cvelist", "hash": "8eae7d30b0d8d692637202994724bce1"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "665f54c1fd5caceec877c5902ba38f4f"}, {"key": "href", "hash": "d63a0b552235492d81c2e16a9987508f"}, {"key": "modified", "hash": "b5fb4ab879ab7aec171e89054970eb57"}, {"key": "published", "hash": "caa8b23103c8f2b125e0a1ef7fecd804"}, {"key": "references", "hash": "91af11bd26bbb9842f537d934141bde7"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "67f7e79c36c79708156028e85a848eee"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "281a7a8e64ec9f77fb92886baa751182dc001ce16d81bc3b3aa1c8d6e77f4f53", "viewCount": 0, "enchantments": {"vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:longino:jacome_php-revista:1.1.2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"id": "OSVDB:28450", "type": "osvdb", "title": "php-revista busqueda.php cadena Variable XSS", "description": "## Vulnerability Description\nphp-revista contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cadena' variable upon submission to the 'busqueda.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphp-revista contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cadena' variable upon submission to the 'busqueda.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/estilo/[ANY STYLE]/busqueda.php?cadena=<XSS>\n## References:\nVendor URL: http://php-revista.sourceforge.org/\n[Secunia Advisory ID:21738](https://secuniaresearch.flexerasoftware.com/advisories/21738/)\n[Related OSVDB ID: 28443](https://vulners.com/osvdb/OSVDB:28443)\n[Related OSVDB ID: 28445](https://vulners.com/osvdb/OSVDB:28445)\n[Related OSVDB ID: 28448](https://vulners.com/osvdb/OSVDB:28448)\n[Related OSVDB ID: 28446](https://vulners.com/osvdb/OSVDB:28446)\n[Related OSVDB ID: 28449](https://vulners.com/osvdb/OSVDB:28449)\n[Related OSVDB ID: 28451](https://vulners.com/osvdb/OSVDB:28451)\n[Related OSVDB ID: 28452](https://vulners.com/osvdb/OSVDB:28452)\n[Related OSVDB ID: 28447](https://vulners.com/osvdb/OSVDB:28447)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0017.html\n[CVE-2006-4608](https://vulners.com/cve/CVE-2006-4608)\nBugtraq ID: 19818\n", "published": "2006-09-01T05:34:21", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:28450", "cvelist": ["CVE-2006-4608"], "lastseen": "2017-04-28T13:20:24"}], "exploitdb": [{"id": "EDB-ID:8425", "type": "exploitdb", "title": "php-revista 1.1.2 rfi/sqli/cb/XSS Multiple Vulnerabilities", "description": "PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities. CVE-2006-4605,CVE-2006-4606,CVE-2006-4607,CVE-2006-4608. Webapps exploit for php platform", "published": "2009-04-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8425/", "cvelist": ["CVE-2006-4607", "CVE-2006-4608", "CVE-2006-4606", "CVE-2006-4605"], "lastseen": "2016-02-01T05:29:57"}]}}