{"id": "OSVDB:30040", "bulletinFamily": "software", "title": "MAXdev MD-Pro user.php op Variable XSS", "description": "## Manual Testing Notes\nhttp://[target]/user.php?uname=1&module=NS- LostPassword&op=[code]\n## References:\nVendor Specific News/Changelog Entry: http://www.maxdev.com/Article608.phtml\n[Secunia Advisory ID:22564](https://secuniaresearch.flexerasoftware.com/advisories/22564/)\n[Related OSVDB ID: 30041](https://vulners.com/osvdb/OSVDB:30041)\nFrSIRT Advisory: ADV-2006-4195\n[CVE-2006-5564](https://vulners.com/cve/CVE-2006-5564)\nBugtraq ID: 20752\n", "published": "2006-10-25T10:03:48", "modified": "2006-10-25T10:03:48", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:30040", "reporter": "OSVDB", "references": [], "cvelist": ["CVE-2006-5564"], "type": "osvdb", "lastseen": "2017-04-28T13:20:26", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "a17d6e37bb2b1fc6a78c206beeb3327e"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "3ce908036b42322cb651fea501e3b347"}, {"key": "href", "hash": "2bfaaebba996849cfdf9d1fa1f60bb54"}, {"key": "modified", "hash": "ead03811f3c3cc3a43c8ea9a56df7683"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "ead03811f3c3cc3a43c8ea9a56df7683"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "6135695dfce4e71008b55d91c9f4d30d"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "98dfa22a7edf2c12f6c7f1afb8b26ec23fba8d1b9c61f8adbbb4a15105711837", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [], "enchantments": {"vulnersScore": 3.2}}

{"result": {"cve": [{"id": "CVE-2006-5564", "type": "cve", "title": "CVE-2006-5564", "description": "Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.", "published": "2006-10-27T12:07:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5564", "cvelist": ["CVE-2006-5564"], "lastseen": "2016-09-03T07:46:13"}], "seebug": [{"id": "SSV-82407", "type": "seebug", "title": "MAXdev MD-Pro 1.0.76 User.PHP Cross-Site Scripting Vulnerability", "description": "Summary: \nMAXdev MD-Pro 1.0.76 version of the user. php cross-site scripting vulnerability, a remote attacker can via the op parameter to inject arbitrary Web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-82407", "cvelist": ["CVE-2006-5564"], "lastseen": "2016-08-06T02:40:42"}], "exploitdb": [{"id": "EDB-ID:28863", "type": "exploitdb", "title": "MAXdev MD-Pro 1.0.76 User.PHP Cross-Site Scripting Vulnerability", "description": "MAXdev MD-Pro 1.0.76 User.PHP Cross-Site Scripting Vulnerability. CVE-2006-5564. Webapps exploit for php platform", "published": "2006-10-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/28863/", "cvelist": ["CVE-2006-5564"], "lastseen": "2016-02-03T09:05:56"}]}}