{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17285"}, {"name": "673", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/673"}, {"name": "ADV-2006-1150", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1150"}, {"name": "24220", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24220"}, {"name": "19445", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19445"}, {"name": "24221", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24221"}, {"name": "20060328 ArabPortal 2.0 Stable CrossSiteScripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/429109/100/0/threaded"}, {"name": "arabportal-online-download-xss(25515)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25515"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1504", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17285"}, {"name": "673", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/673"}, {"name": "ADV-2006-1150", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1150"}, {"name": "24220", "refsource": "OSVDB", "url": "http://www.osvdb.org/24220"}, {"name": "19445", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19445"}, {"name": "24221", "refsource": "OSVDB", "url": "http://www.osvdb.org/24221"}, {"name": "20060328 ArabPortal 2.0 Stable CrossSiteScripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/429109/100/0/threaded"}, {"name": "arabportal-online-download-xss(25515)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25515"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1504", "datePublished": "2006-03-30T01:00:00", "dateReserved": "2006-03-29T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arab_portal:arab_portal:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D16BAE4-E97A-480A-B7E5-E15632BFE17D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php."}], "evaluatorSolution": "Successful exploitation requires that the \"register_globals\" parameter is enabled.", "id": "CVE-2006-1504", "lastModified": "2018-10-18T16:32:55.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-30T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/19445"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/673"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24220"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24221"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/429109/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17285"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1150"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25515"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}