CVE-2006-1637 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aweb Labs	Awebbb

Configuration 1 [-]

cpe:2.3:a:aweb_labs:awebbb:1.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://evuln.com/vulns/117/summary.html
http://secunia.com/advisories/19486
http://www.osvdb.org/24337
http://www.osvdb.org/24338
http://www.osvdb.org/24339
http://www.securityfocus.com/archive/1/431064/100/0/threaded
http://www.securityfocus.com/bid/17352
http://www.vupen.com/english/advisories/2006/1197
https://exchange.xforce.ibmcloud.com/vulnerabilities/25585

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-06T10:00:00

Updated: 2024-08-07T17:19:48.950Z

Reserved: 2006-04-06T00:00:00

Link: CVE-2006-1637

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-06T10:04:00.000

Modified: 2018-10-18T16:33:41.000

Link: CVE-2006-1637

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24339", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24339"}, {"name": "awebbb-multiple-xss(25585)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"}, {"name": "19486", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19486"}, {"name": "20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431064/100/0/threaded"}, {"name": "24338", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24338"}, {"tags": ["x_refsource_MISC"], "url": "http://evuln.com/vulns/117/summary.html"}, {"name": "ADV-2006-1197", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1197"}, {"name": "17352", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17352"}, {"name": "24337", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24337"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1637", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24339", "refsource": "OSVDB", "url": "http://www.osvdb.org/24339"}, {"name": "awebbb-multiple-xss(25585)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"}, {"name": "19486", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19486"}, {"name": "20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431064/100/0/threaded"}, {"name": "24338", "refsource": "OSVDB", "url": "http://www.osvdb.org/24338"}, {"name": "http://evuln.com/vulns/117/summary.html", "refsource": "MISC", "url": "http://evuln.com/vulns/117/summary.html"}, {"name": "ADV-2006-1197", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1197"}, {"name": "17352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17352"}, {"name": "24337", "refsource": "OSVDB", "url": "http://www.osvdb.org/24337"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:19:48.950Z"}, "title": "CVE Program Container", "references": [{"name": "24339", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24339"}, {"name": "awebbb-multiple-xss(25585)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"}, {"name": "19486", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19486"}, {"name": "20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431064/100/0/threaded"}, {"name": "24338", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24338"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://evuln.com/vulns/117/summary.html"}, {"name": "ADV-2006-1197", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1197"}, {"name": "17352", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17352"}, {"name": "24337", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24337"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1637", "datePublished": "2006-04-06T10:00:00", "dateReserved": "2006-04-06T00:00:00", "dateUpdated": "2024-08-07T17:19:48.950Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aweb_labs:awebbb:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FC1331D-F927-4FCD-8CB8-F797D549798F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de guiones en sitios cruzados (XSS) en aWebBB 1.2 permiten a atacantes remotos inyectar guiones web o HTML de su elecci\u00f3n emdiante los par\u00e1metros (1) tname o (2) fpost de (a) post.php; los par\u00e1metros (3) fullname, (4) emailadd, (5) country, (6) sig o (7) otherav de (b) editac.php; o los par\u00e1metros (2) fullname, (9) emailadd, o (10) country de (c) register.php."}], "id": "CVE-2006-1637", "lastModified": "2018-10-18T16:33:41.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-06T10:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://evuln.com/vulns/117/summary.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19486"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24337"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24338"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24339"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431064/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17352"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1197"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25585"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}