CVE-2006-3558 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Arif Supriyanto	Auracms

Configuration 1 [-]

cpe:2.3:a:arif_supriyanto:auracms:1.62:*:*:*:*:*:*:*

References

Link	Resource
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt	Exploit
http://securityreason.com/securityalert/1226
http://www.osvdb.org/28200
http://www.osvdb.org/28202
http://www.securityfocus.com/archive/1/439494/100/0/threaded
http://www.securityfocus.com/bid/18867	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/27703
https://exchange.xforce.ibmcloud.com/vulnerabilities/27704

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-13T00:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-07-12T00:00:00

Link: CVE-2006-3558

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-13T00:05:00.000

Modified: 2018-10-18T16:47:58.817

Link: CVE-2006-3558

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "auracms-teman-xss(27703)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27703"}, {"tags": ["x_refsource_MISC"], "url": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt"}, {"name": "28202", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28202"}, {"name": "28200", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28200"}, {"name": "auracms-title-xss(27704)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27704"}, {"name": "1226", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1226"}, {"name": "18867", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18867"}, {"name": "20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]>===<[XSS vulnerable]&[bug]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/439494/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "auracms-teman-xss(27703)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27703"}, {"name": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt", "refsource": "MISC", "url": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt"}, {"name": "28202", "refsource": "OSVDB", "url": "http://www.osvdb.org/28202"}, {"name": "28200", "refsource": "OSVDB", "url": "http://www.osvdb.org/28200"}, {"name": "auracms-title-xss(27704)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27704"}, {"name": "1226", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1226"}, {"name": "18867", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18867"}, {"name": "20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]>===<[XSS vulnerable]&[bug]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439494/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3558", "datePublished": "2006-07-13T00:00:00", "dateReserved": "2006-07-12T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arif_supriyanto:auracms:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "FF50CDDD-C980-463F-87A1-3C5852E9BE2B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Arif Supriyanto auraCMS 1.62 permiten a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro judul_artikel en teman.php y (2) el t\u00edtulo de un art\u00edculo enviado al administrador, lo cual es visualizado cuando usuarios sin autenticar visitan index.php."}], "id": "CVE-2006-3558", "lastModified": "2018-10-18T16:47:58.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-13T00:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1226"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28200"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28202"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439494/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/18867"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27703"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27704"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}