CVE-2006-3769 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01386.

Key SSVC decision points have not yet been added.

Vendors	Products
Top Xl	Top Xl

Configuration 1 [-]

OR	cpe:2.3:a:top_xl:top_xl::::::::
	cpe:2.3:a:top_xl:top_xl:1.0:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/21145
http://securityreason.com/securityalert/1267
http://securitytracker.com/id?1016548
http://www.majorsecurity.de/advisory/major_rls22.txt
http://www.osvdb.org/27413
http://www.osvdb.org/27414
http://www.securityfocus.com/archive/1/440652/100/0/threaded
http://www.securityfocus.com/archive/1/440889/100/100/threaded
http://www.securityfocus.com/bid/19098
http://www.vupen.com/english/advisories/2006/2914
https://exchange.xforce.ibmcloud.com/vulnerabilities/27880

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-21T17:00:00

Updated: 2024-08-07T18:39:54.087Z

Reserved: 2006-07-21T00:00:00

Link: CVE-2006-3769

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-24T12:19:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3769

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded"}, {"name": "20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded"}, {"name": "topxl-add-index-xss(27880)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880"}, {"name": "ADV-2006-2914", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2914"}, {"tags": ["x_refsource_MISC"], "url": "http://www.majorsecurity.de/advisory/major_rls22.txt"}, {"name": "1016548", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016548"}, {"name": "21145", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21145"}, {"name": "27414", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27414"}, {"name": "27413", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27413"}, {"name": "1267", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1267"}, {"name": "19098", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19098"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded"}, {"name": "20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded"}, {"name": "topxl-add-index-xss(27880)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880"}, {"name": "ADV-2006-2914", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2914"}, {"name": "http://www.majorsecurity.de/advisory/major_rls22.txt", "refsource": "MISC", "url": "http://www.majorsecurity.de/advisory/major_rls22.txt"}, {"name": "1016548", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016548"}, {"name": "21145", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21145"}, {"name": "27414", "refsource": "OSVDB", "url": "http://www.osvdb.org/27414"}, {"name": "27413", "refsource": "OSVDB", "url": "http://www.osvdb.org/27413"}, {"name": "1267", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1267"}, {"name": "19098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19098"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:39:54.087Z"}, "title": "CVE Program Container", "references": [{"name": "20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded"}, {"name": "20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded"}, {"name": "topxl-add-index-xss(27880)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880"}, {"name": "ADV-2006-2914", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2914"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.majorsecurity.de/advisory/major_rls22.txt"}, {"name": "1016548", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016548"}, {"name": "21145", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21145"}, {"name": "27414", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27414"}, {"name": "27413", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27413"}, {"name": "1267", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1267"}, {"name": "19098", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19098"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3769", "datePublished": "2006-07-21T17:00:00", "dateReserved": "2006-07-21T00:00:00", "dateUpdated": "2024-08-07T18:39:54.087Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:top_xl:top_xl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1AD0F9B-21D2-49D9-ABCA-E0B5E7E8F884", "versionEndIncluding": "1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:top_xl:top_xl:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEE9507C-0F47-477A-9F03-6EADC0A0E2D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Top XL 1.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) pass y (2) pass2 parameters en (a) add.php o el par\u00e1metro (3) id en (b) members/index.php."}], "evaluatorSolution": "Successful exploitation requires that register_globals is enabled.", "id": "CVE-2006-3769", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-24T12:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21145"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1267"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016548"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.majorsecurity.de/advisory/major_rls22.txt"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27413"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27414"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19098"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2914"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.majorsecurity.de/advisory/major_rls22.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}