CVE-2006-2066 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mkportal	Mkportal

Configuration 1 [-]

cpe:2.3:a:mkportal:mkportal:1.1_rc1:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/19786	Vendor Advisory
http://securityreason.com/securityalert/801
http://securitytracker.com/id?1015977	Exploit
http://www.nukedx.com/?viewdoc=26	Exploit Vendor Advisory
http://www.osvdb.org/24901
http://www.securityfocus.com/archive/1/431759/100/0/threaded
http://www.securityfocus.com/archive/1/447195/100/0/threaded
http://www.securityfocus.com/archive/1/447303/100/0/threaded
http://www.securityfocus.com/bid/17651
http://www.securityfocus.com/bid/20232
http://www.vupen.com/english/advisories/2006/1485	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-27T10:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-04-26T00:00:00

Link: CVE-2006-2066

JSON object: View

NVD Information

Status : Modified

Published: 2006-04-27T13:34:00.000

Modified: 2018-10-18T16:37:56.537

Link: CVE-2006-2066

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.nukedx.com/?viewdoc=26"}, {"name": "1015977", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015977"}, {"name": "20060927 MkPortal Cross Site Scripting (All versions) xSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447195/100/0/threaded"}, {"name": "20060928 Re: xxs in MKPortal M1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447303/100/0/threaded"}, {"name": "ADV-2006-1485", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1485"}, {"name": "801", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/801"}, {"name": "17651", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17651"}, {"name": "20232", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20232"}, {"name": "24901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24901"}, {"name": "19786", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19786"}, {"name": "20060421 vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431759/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2066", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.nukedx.com/?viewdoc=26", "refsource": "MISC", "url": "http://www.nukedx.com/?viewdoc=26"}, {"name": "1015977", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015977"}, {"name": "20060927 MkPortal Cross Site Scripting (All versions) xSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447195/100/0/threaded"}, {"name": "20060928 Re: xxs in MKPortal M1.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447303/100/0/threaded"}, {"name": "ADV-2006-1485", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1485"}, {"name": "801", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/801"}, {"name": "17651", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17651"}, {"name": "20232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20232"}, {"name": "24901", "refsource": "OSVDB", "url": "http://www.osvdb.org/24901"}, {"name": "19786", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19786"}, {"name": "20060421 vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431759/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2066", "datePublished": "2006-04-27T10:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mkportal:mkportal:1.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "28D48A2C-A60A-4200-B091-3E90F0AECC4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters."}], "id": "CVE-2006-2066", "lastModified": "2018-10-18T16:37:56.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-27T13:34:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19786"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/801"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1015977"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.nukedx.com/?viewdoc=26"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24901"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431759/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447195/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447303/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17651"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20232"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1485"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}