CVE-2006-7073

{"id": "CVE-2006-7073", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-02T21:18:00.000", "references": [{"url": "http://secunia.com/advisories/21787", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19888", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3499", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28788", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21787", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/19888", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/3499", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28788", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Opentools Attachment Mod anterior a 2.4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n en Internet Explorer a trav\u00e9s de vectores desconocidos relacionados con el formulario de adjuntos enviados. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentools:attachment_mod:2.4.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11626342-0F2E-4909-8623-56BDF4755637"}, {"criteria": "cpe:2.3:a:opentools:attachment_mod:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7446952D-EF5C-4E68-8A62-D7D6334F8648"}, {"criteria": "cpe:2.3:a:opentools:attachment_mod:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A58A33-112B-4D8D-A786-521B33BBA5F2"}, {"criteria": "cpe:2.3:a:opentools:attachment_mod:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4109CCEB-4D3E-4564-8EB2-9748FB5BCD95"}, {"criteria": "cpe:2.3:a:opentools:attachment_mod:2.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0A39274-AFDA-4464-88E1-8AB6F4BBECDD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}