Lucene search

[email protected]CVE-2006-5036

HistorySep 27, 2006 - 11:07 p.m.

CVE-2006-5036

2006-09-2723:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mysource

matrix

security vulnerability

http proxy

xss

remote attack

cve-2006-5036

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server’s IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.

CPENameOperatorVersion
squiz:mysource_classicsquiz mysource classicle2.16.2
squiz:mysource_matrixsquiz mysource matrixle3.8

CPE	Name	Operator	Version
squiz:mysource_classic	squiz mysource classic	le	2.16.2
squiz:mysource_matrix	squiz mysource matrix	le	3.8

References

secunia.com/advisories/22060

securityreason.com/securityalert/1635

www.aushack.com/advisories/200607-mysourcematrix.txt

www.securityfocus.com/archive/1/446722/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/29112

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON