ID OSVDB:29228
Type osvdb
Reporter OSVDB
Modified 2006-09-26T13:48:41
Description
No description provided by the source
References:
Vendor URL: http://jaf-cms.sourceforge.net/
Secunia Advisory ID:22143
Related OSVDB ID: 29229
Related OSVDB ID: 29230
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0439.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/447081/100/0/threaded
CVE-2006-5129
Bugtraq ID: 20225
{"enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-04-28T13:20:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5129"]}], "modified": "2017-04-28T13:20:25", "rev": 2}, "vulnersScore": 5.0}, "bulletinFamily": "software", "affectedSoftware": [], "references": [], "href": "https://vulners.com/osvdb/OSVDB:29228", "id": "OSVDB:29228", "title": "JAF CMS jafshout.php message Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:25", "edition": 1, "reporter": "OSVDB", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://jaf-cms.sourceforge.net/\n[Secunia Advisory ID:22143](https://secuniaresearch.flexerasoftware.com/advisories/22143/)\n[Related OSVDB ID: 29229](https://vulners.com/osvdb/OSVDB:29229)\n[Related OSVDB ID: 29230](https://vulners.com/osvdb/OSVDB:29230)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0439.html\nMail List Post: http://www.securityfocus.com/archive/1/archive/1/447081/100/0/threaded\n[CVE-2006-5129](https://vulners.com/cve/CVE-2006-5129)\nBugtraq ID: 20225\n", "modified": "2006-09-26T13:48:41", "viewCount": 0, "published": "2006-09-26T13:48:41", "cvelist": ["CVE-2006-5129"]}
{"cve": [{"lastseen": "2021-02-02T05:27:24", "description": "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.", "edition": 4, "cvss3": {}, "published": "2006-10-03T04:03:00", "title": "CVE-2006-5129", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5129"], "modified": "2018-10-17T21:41:00", "cpe": ["cpe:/a:salims_softhouse:jaf_cms:4.0"], "id": "CVE-2006-5129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5129", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:salims_softhouse:jaf_cms:4.0:rc1:*:*:*:*:*:*"]}]}
