ID OSVDB:26422
Type osvdb
Reporter OSVDB
Modified 2006-06-09T09:18:59
Description
Manual Testing Notes
http://[target]/myphp/index.php?lang="<script>alert(1337)</script>
References:
Vendor URL: http://www.networkarea.ch/php_mysql_guestbook.html
Secunia Advisory ID:20572
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0190.html
FrSIRT Advisory: ADV-2006-2308
CVE-2006-3062
{"type": "osvdb", "published": "2006-06-09T09:18:59", "href": "https://vulners.com/osvdb/OSVDB:26422", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 2.6}, "viewCount": 2, "edition": 1, "reporter": "OSVDB", "title": "myPHP Guestbook index.php lang Variable XSS", "affectedSoftware": [], "enchantments": {"score": {"value": 4.5, "vector": "NONE", "modified": "2017-04-28T13:20:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3062"]}], "modified": "2017-04-28T13:20:23", "rev": 2}, "vulnersScore": 4.5}, "references": [], "id": "OSVDB:26422", "lastseen": "2017-04-28T13:20:23", "cvelist": ["CVE-2006-3062"], "modified": "2006-06-09T09:18:59", "description": "## Manual Testing Notes\nhttp://[target]/myphp/index.php?lang=\"<script>alert(1337)</script>\n## References:\nVendor URL: http://www.networkarea.ch/php_mysql_guestbook.html\n[Secunia Advisory ID:20572](https://secuniaresearch.flexerasoftware.com/advisories/20572/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0190.html\nFrSIRT Advisory: ADV-2006-2308\n[CVE-2006-3062](https://vulners.com/cve/CVE-2006-3062)\n"}
{"cve": [{"lastseen": "2020-10-03T11:48:16", "description": "Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.", "edition": 3, "cvss3": {}, "published": "2006-06-19T10:02:00", "title": "CVE-2006-3062", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3062"], "modified": "2018-10-18T16:45:00", "cpe": ["cpe:/a:myphp_guestbook:myphp_guestbook:2.0.4"], "id": "CVE-2006-3062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3062", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:myphp_guestbook:myphp_guestbook:2.0.4:*:*:*:*:*:*:*"]}]}
