CVE-2006-7078 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Professional Home Page Tools Login Script	Professional Home Page Tools Login Script

Configuration 1 [-]

cpe:2.3:a:professional_home_page_tools_login_script:professional_home_page_tools_login_script:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html
http://secunia.com/advisories/21206
http://securityreason.com/securityalert/2329
http://www.securityfocus.com/archive/1/441194/100/0/threaded
http://www.vupen.com/english/advisories/2006/2981
https://exchange.xforce.ibmcloud.com/vulnerabilities/27967

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-27T18:00:00

Updated: 2024-08-07T20:50:06.263Z

Reserved: 2007-02-27T00:00:00

Link: CVE-2006-7078

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-02T21:18:00.000

Modified: 2018-10-16T16:29:24.773

Link: CVE-2006-7078

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-2981", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2981"}, {"name": "phpt-login-xss(27967)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27967"}, {"name": "21206", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21206"}, {"name": "2329", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2329"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/441194/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7078", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-2981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2981"}, {"name": "phpt-login-xss(27967)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27967"}, {"name": "21206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21206"}, {"name": "2329", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2329"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441194/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:06.263Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-2981", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2981"}, {"name": "phpt-login-xss(27967)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27967"}, {"name": "21206", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21206"}, {"name": "2329", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2329"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html"}, {"name": "20060725 Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/441194/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7078", "datePublished": "2007-02-27T18:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T20:50:06.263Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:professional_home_page_tools_login_script:professional_home_page_tools_login_script:*:*:*:*:*:*:*:*", "matchCriteriaId": "837B919A-5688-441F-ACFA-C9C3CD46F629", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Professional Home Page Tools Login Script, como en July 2006, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) name, (2) vorname, y (3) nachname en la secuencia de comandos del registro. NOTA: algunos de estos detalles se obtuvieron de terceras partes."}], "id": "CVE-2006-7078", "lastModified": "2018-10-16T16:29:24.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21206"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2329"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441194/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2981"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27967"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}