CVE-2006-1202 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jcink.com	Textfilebb

Configuration 1 [-]

cpe:2.3:a:jcink.com:textfilebb:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://notlegal.ws/textfilebbmessanger.txt
http://secunia.com/advisories/19149
http://securitytracker.com/id?1015744
http://www.securityfocus.com/archive/1/427081/100/0/threaded
http://www.securityfocus.com/bid/17029
http://www.vupen.com/english/advisories/2006/0897
https://exchange.xforce.ibmcloud.com/vulnerabilities/25091

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-14T01:00:00

Updated: 2024-08-07T17:03:28.233Z

Reserved: 2006-03-14T00:00:00

Link: CVE-2006-1202

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-14T01:06:00.000

Modified: 2024-11-21T00:08:17.623

Link: CVE-2006-1202

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17029", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17029"}, {"name": "ADV-2006-0897", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0897"}, {"tags": ["x_refsource_MISC"], "url": "http://notlegal.ws/textfilebbmessanger.txt"}, {"name": "20060308 textfileBB <= 1.0 Multiple XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded"}, {"name": "textbb-messanger-xss(25091)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091"}, {"name": "1015744", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015744"}, {"name": "19149", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19149"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17029"}, {"name": "ADV-2006-0897", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0897"}, {"name": "http://notlegal.ws/textfilebbmessanger.txt", "refsource": "MISC", "url": "http://notlegal.ws/textfilebbmessanger.txt"}, {"name": "20060308 textfileBB <= 1.0 Multiple XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded"}, {"name": "textbb-messanger-xss(25091)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091"}, {"name": "1015744", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015744"}, {"name": "19149", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19149"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:03:28.233Z"}, "title": "CVE Program Container", "references": [{"name": "17029", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17029"}, {"name": "ADV-2006-0897", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0897"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://notlegal.ws/textfilebbmessanger.txt"}, {"name": "20060308 textfileBB <= 1.0 Multiple XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded"}, {"name": "textbb-messanger-xss(25091)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091"}, {"name": "1015744", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015744"}, {"name": "19149", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19149"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1202", "datePublished": "2006-03-14T01:00:00", "dateReserved": "2006-03-14T00:00:00", "dateUpdated": "2024-08-07T17:03:28.233Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jcink.com:textfilebb:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F479BDC3-32EE-44C8-90FD-A7E71B0B8BF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value."}], "id": "CVE-2006-1202", "lastModified": "2024-11-21T00:08:17.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-14T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["URL Repurposed"], "url": "http://notlegal.ws/textfilebbmessanger.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19149"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015744"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17029"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0897"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://notlegal.ws/textfilebbmessanger.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427081/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25091"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}