CVE-2006-7022 - Vulnerability Details - OpenCVE

Description

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.

Published: 2007-02-15

Score: 10.0 Critical

EPSS: 2.0% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2006-7004	The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01959.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://securityreason.com/securityalert/2251
http://www.securityfocus.com/archive/1/436691/30/4500/threaded
http://www.securityfocus.com/bid/18361
https://exchange.xforce.ibmcloud.com/vulnerabilities/27180

History

No history.

Subscriptions

Fx-app Fx-app

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-15T02:00:00.000Z

Updated: 2024-08-07T20:50:05.835Z

Reserved: 2007-02-14T00:00:00.000Z

Link: CVE-2006-7022

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-15T02:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-7022

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "fxapp-url-xss(27180)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18361"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fxapp-url-xss(27180)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18361"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:05.835Z"}, "title": "CVE Program Container", "references": [{"name": "fxapp-url-xss(27180)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18361"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7022", "datePublished": "2007-02-15T02:00:00.000Z", "dateReserved": "2007-02-14T00:00:00.000Z", "dateUpdated": "2024-08-07T20:50:05.835Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5EE4BD03-8E06-41D4-B572-85B34EBFF9F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}, {"lang": "es", "value": "El m\u00f3dulo Tools en fx-APP 0.0.8.1 permite a atacantes remotos deformar el contenido de una pagina web a trav\u00e9s de una URL de su elecci\u00f3n en el par\u00e1metro url en la acci\u00f3n showhtml para index.php, lo caul provoca que la URL se muestre dentro de un iframe."}], "id": "CVE-2006-7022", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-15T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2251"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18361"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}