CVE-2006-4577

{"id": "CVE-2006-4577", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"url": "http://osvdb.org/32564", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://osvdb.org/32565", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://osvdb.org/32566", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/21694", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/21870", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31240", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31247", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Address Book 1.04e permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante eventos Javascript en los par\u00e1metros (1) email, (2) websites y (3) groupAddName en el (a) save.php; el par\u00e1metro (4) errorMsg en el (b) index.php; y los par\u00e1metros (5) goTo and (6) search en el (c) search.php."}], "lastModified": "2017-07-20T01:33:11.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987F84E0-1A6B-484B-B973-9AE2E3ADB435"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}