{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19214", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19214"}, {"tags": ["x_refsource_MISC"], "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"}, {"name": "ADV-2006-0944", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0944"}, {"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406"}, {"name": "17075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17075"}, {"name": "23847", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23847"}, {"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"}, {"name": "zeroboard-multiple-fields-xss(25212)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1222", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19214", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19214"}, {"name": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf", "refsource": "MISC", "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"}, {"name": "ADV-2006-0944", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0944"}, {"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"}, {"name": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406", "refsource": "CONFIRM", "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406"}, {"name": "17075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17075"}, {"name": "23847", "refsource": "OSVDB", "url": "http://www.osvdb.org/23847"}, {"name": "20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"}, {"name": "zeroboard-multiple-fields-xss(25212)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1222", "datePublished": "2006-03-14T11:00:00", "dateReserved": "2006-03-14T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl2:*:*:*:*:*:*:*", "matchCriteriaId": "021147FB-D153-440D-95F2-B812FB9DEA19", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl3:*:*:*:*:*:*:*", "matchCriteriaId": "ABAEFB19-C049-4C09-89CF-00E128FEC5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl4:*:*:*:*:*:*:*", "matchCriteriaId": "D9FC71F5-C279-40A8-ABC3-5A141D7DF419", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl5:*:*:*:*:*:*:*", "matchCriteriaId": "837FA51A-A0C2-4BC0-9349-DB220BBB7A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl6:*:*:*:*:*:*:*", "matchCriteriaId": "67C7E8DA-5108-4928-B05E-70827B5F39B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl7:*:*:*:*:*:*:*", "matchCriteriaId": "B384EB69-8D0C-4D15-B650-D157DE6E559A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields."}], "id": "CVE-2006-1222", "lastModified": "2018-10-18T16:31:27.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-14T11:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042872.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19214"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf"}, {"source": "cve@mitre.org", "url": "http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23847"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427466/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17075"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0944"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25212"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}