CVE-2006-5984 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Webhost Automation	Helm Web Hosting Control Panel

Configuration 1 [-]

cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:3.2.10:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aria-security.net/advisory/helm.txt
http://secunia.com/advisories/22916
http://securityreason.com/securityalert/1884
http://securitytracker.com/id?1017240
http://www.securityfocus.com/archive/1/451737/100/0/threaded
http://www.securityfocus.com/archive/1/451848/100/200/threaded
http://www.vupen.com/english/advisories/2006/4557
https://exchange.xforce.ibmcloud.com/vulnerabilities/30309

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-20T21:00:00

Updated: 2024-08-07T20:12:31.190Z

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5984

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-20T21:07:00.000

Modified: 2018-10-17T21:46:12.983

Link: CVE-2006-5984

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061114 Helm Cross-Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451737/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://aria-security.net/advisory/helm.txt"}, {"name": "ADV-2006-4557", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4557"}, {"name": "22916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22916"}, {"name": "1884", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1884"}, {"name": "1017240", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017240"}, {"name": "helm-domainsusersdefaault-xss(30309)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30309"}, {"name": "20061116 Helm Cross Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451848/100/200/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5984", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061114 Helm Cross-Site Scripting (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451737/100/0/threaded"}, {"name": "http://aria-security.net/advisory/helm.txt", "refsource": "MISC", "url": "http://aria-security.net/advisory/helm.txt"}, {"name": "ADV-2006-4557", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4557"}, {"name": "22916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22916"}, {"name": "1884", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1884"}, {"name": "1017240", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017240"}, {"name": "helm-domainsusersdefaault-xss(30309)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30309"}, {"name": "20061116 Helm Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451848/100/200/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.190Z"}, "title": "CVE Program Container", "references": [{"name": "20061114 Helm Cross-Site Scripting (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451737/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aria-security.net/advisory/helm.txt"}, {"name": "ADV-2006-4557", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4557"}, {"name": "22916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22916"}, {"name": "1884", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1884"}, {"name": "1017240", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017240"}, {"name": "helm-domainsusersdefaault-xss(30309)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30309"}, {"name": "20061116 Helm Cross Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451848/100/200/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5984", "datePublished": "2006-11-20T21:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2024-08-07T20:12:31.190Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "2CEA8C49-1092-42AB-8FB7-8E24DB0ABB76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Helm Web Hosting Control Panel 3.2.10 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) txtCompanyName, (2) txtEmail, o (3) txtUserAccNum de (a) users.asp, o el par\u00e1metro (4) setThemeColour de (b) default.asp en los niveles de administrador y revendedor (Reseller and Admin Levels); o el par\u00e1metro (5) setThemeColour de default.asp en el nivel de usuario (User level). NOTA: el par\u00e1metro txtDomainName de domains.asp se trata en CVE-2006-1407, lo que sugiere que este vector est\u00e1 solucionado en la versi\u00f3n 3.2.10 estable."}], "id": "CVE-2006-5984", "lastModified": "2018-10-17T21:46:12.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-20T21:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://aria-security.net/advisory/helm.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22916"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1884"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017240"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451737/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451848/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4557"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30309"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}