{"type": "osvdb", "published": "2006-06-13T09:33:58", "href": "https://vulners.com/osvdb/OSVDB:26423", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "viewCount": 0, "edition": 1, "reporter": "r0t(krustevs@googlemail.com)", "title": "EvGenius Counter monthly.php page Variable XSS", "affectedSoftware": [{"operator": "eq", "version": "3.4", "name": "EvGenius Counter"}], "enchantments": {"score": {"value": 4.5, "vector": "NONE", "modified": "2017-04-28T13:20:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3024"]}, {"type": "osvdb", "idList": ["OSVDB:26424"]}], "modified": "2017-04-28T13:20:23", "rev": 2}, "vulnersScore": 4.5}, "references": [], "id": "OSVDB:26423", "lastseen": "2017-04-28T13:20:23", "cvelist": ["CVE-2006-3024"], "modified": "2006-06-13T09:33:58", "description": "## Vulnerability Description\nEvGenius Counter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the monthly.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nEvGenius Counter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the monthly.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://counter.evgenius.net/\nSecurity Tracker: 1016281\n[Secunia Advisory ID:20546](https://secuniaresearch.flexerasoftware.com/advisories/20546/)\n[Related OSVDB ID: 26424](https://vulners.com/osvdb/OSVDB:26424)\nOther Advisory URL: http://pridels.blogspot.com/2006/06/evgenius-counter-xss-vuln.html\nISS X-Force ID: 27078\nFrSIRT Advisory: ADV-2006-2309\n[CVE-2006-3024](https://vulners.com/cve/CVE-2006-3024)\n"}

{"cve": [{"lastseen": "2020-12-09T19:23:46", "description": "Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php.", "edition": 5, "cvss3": {}, "published": "2006-06-15T10:02:00", "title": "CVE-2006-3024", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3024"], "modified": "2017-07-20T01:31:00", "cpe": ["cpe:/a:evgenius:evgenius_counter:3.4"], "id": "CVE-2006-3024", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3024", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:evgenius:evgenius_counter:3.4:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3024"], "edition": 1, "description": "## Vulnerability Description\nEvGenius Counter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the daily.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nEvGenius Counter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the daily.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://counter.evgenius.net/\nSecurity Tracker: 1016281\n[Secunia Advisory ID:20546](https://secuniaresearch.flexerasoftware.com/advisories/20546/)\n[Related OSVDB ID: 26423](https://vulners.com/osvdb/OSVDB:26423)\nOther Advisory URL: http://pridels.blogspot.com/2006/06/evgenius-counter-xss-vuln.html\nISS X-Force ID: 27078\nFrSIRT Advisory: ADV-2006-2309\n[CVE-2006-3024](https://vulners.com/cve/CVE-2006-3024)\n", "modified": "2006-06-13T09:33:58", "published": "2006-06-13T09:33:58", "href": "https://vulners.com/osvdb/OSVDB:26424", "id": "OSVDB:26424", "type": "osvdb", "title": "EvGenius Counter daily.php page Variable XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}