CVE-2006-3617

{"id": "CVE-2006-3617", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-18T15:46:00.000", "references": [{"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439486/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27006", "source": "cve@mitre.org"}, {"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=23", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/439486/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27006", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pblguestbook.php en Pixelated By Lev (PBL) Guestbook 1.32 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) name, (2) message (aka comments), (3) website, y (4) email, el cual evita el mecanismo de protecci\u00f3n XSS que valida para la etiquetas del SCRIPT pero otras no, como se demostr\u00f3 con el URI javascript en un atributo onMouseOver y el atributo src en una etiqueta iframe. NOTA: algunos vectores podr\u00edan solaparse con CVE-2006-2975, aunque el uso de manipulaciones alternativas lo hacen poco claro."}], "lastModified": "2024-11-21T00:14:02.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixelated_by_lev:pixelated_by_lev_guestbook:1.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B430F99-CFB3-420B-BBC8-9587B5317B55"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}