CVE-2006-3494 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vastal I-tech	Buddy Zone

Configuration 1 [-]

cpe:2.3:a:vastal_i-tech:buddy_zone:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/20933
http://securityreason.com/securityalert/1209
http://www.osvdb.org/26979
http://www.osvdb.org/26980
http://www.osvdb.org/26981
http://www.osvdb.org/26982
http://www.osvdb.org/26983
http://www.osvdb.org/26984
http://www.osvdb.org/26985
http://www.osvdb.org/26988
http://www.osvdb.org/26989
http://www.osvdb.org/26990
http://www.osvdb.org/26991
http://www.osvdb.org/26992
http://www.osvdb.org/26993
http://www.securityfocus.com/archive/1/438868/100/0/threaded
http://www.securityfocus.com/archive/1/440144/100/100/threaded
http://www.securityfocus.com/bid/18759
http://www.vupen.com/english/advisories/2006/2645
https://exchange.xforce.ibmcloud.com/vulnerabilities/27514

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-10T22:00:00

Updated: 2024-08-07T18:30:33.905Z

Reserved: 2006-07-10T00:00:00

Link: CVE-2006-3494

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-10T22:05:00.000

Modified: 2024-11-21T00:13:45.050

Link: CVE-2006-3494

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1209", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1209"}, {"name": "26985", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26985"}, {"name": "26981", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26981"}, {"name": "26990", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26990"}, {"name": "26991", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26991"}, {"name": "26988", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26988"}, {"name": "buddy-zone-multiple-scripts-sql-injection(27514)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27514"}, {"name": "26989", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26989"}, {"name": "26982", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26982"}, {"name": "18759", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18759"}, {"name": "26984", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26984"}, {"name": "26983", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26983"}, {"name": "26992", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26992"}, {"name": "20060630 Buddy Zone Version 1.0.1 - XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438868/100/0/threaded"}, {"name": "26979", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26979"}, {"name": "20933", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20933"}, {"name": "26993", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26993"}, {"name": "20060715 Re: Buddy Zone Version 1.0.1 - XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440144/100/100/threaded"}, {"name": "ADV-2006-2645", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2645"}, {"name": "26980", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26980"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3494", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1209", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1209"}, {"name": "26985", "refsource": "OSVDB", "url": "http://www.osvdb.org/26985"}, {"name": "26981", "refsource": "OSVDB", "url": "http://www.osvdb.org/26981"}, {"name": "26990", "refsource": "OSVDB", "url": "http://www.osvdb.org/26990"}, {"name": "26991", "refsource": "OSVDB", "url": "http://www.osvdb.org/26991"}, {"name": "26988", "refsource": "OSVDB", "url": "http://www.osvdb.org/26988"}, {"name": "buddy-zone-multiple-scripts-sql-injection(27514)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27514"}, {"name": "26989", "refsource": "OSVDB", "url": "http://www.osvdb.org/26989"}, {"name": "26982", "refsource": "OSVDB", "url": "http://www.osvdb.org/26982"}, {"name": "18759", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18759"}, {"name": "26984", "refsource": "OSVDB", "url": "http://www.osvdb.org/26984"}, {"name": "26983", "refsource": "OSVDB", "url": "http://www.osvdb.org/26983"}, {"name": "26992", "refsource": "OSVDB", "url": "http://www.osvdb.org/26992"}, {"name": "20060630 Buddy Zone Version 1.0.1 - XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438868/100/0/threaded"}, {"name": "26979", "refsource": "OSVDB", "url": "http://www.osvdb.org/26979"}, {"name": "20933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20933"}, {"name": "26993", "refsource": "OSVDB", "url": "http://www.osvdb.org/26993"}, {"name": "20060715 Re: Buddy Zone Version 1.0.1 - XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440144/100/100/threaded"}, {"name": "ADV-2006-2645", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2645"}, {"name": "26980", "refsource": "OSVDB", "url": "http://www.osvdb.org/26980"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:33.905Z"}, "title": "CVE Program Container", "references": [{"name": "1209", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1209"}, {"name": "26985", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26985"}, {"name": "26981", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26981"}, {"name": "26990", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26990"}, {"name": "26991", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26991"}, {"name": "26988", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26988"}, {"name": "buddy-zone-multiple-scripts-sql-injection(27514)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27514"}, {"name": "26989", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26989"}, {"name": "26982", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26982"}, {"name": "18759", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18759"}, {"name": "26984", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26984"}, {"name": "26983", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26983"}, {"name": "26992", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26992"}, {"name": "20060630 Buddy Zone Version 1.0.1 - XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438868/100/0/threaded"}, {"name": "26979", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26979"}, {"name": "20933", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20933"}, {"name": "26993", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26993"}, {"name": "20060715 Re: Buddy Zone Version 1.0.1 - XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440144/100/100/threaded"}, {"name": "ADV-2006-2645", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2645"}, {"name": "26980", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26980"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3494", "datePublished": "2006-07-10T22:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2024-08-07T18:30:33.905Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vastal_i-tech:buddy_zone:*:*:*:*:*:*:*:*", "matchCriteriaId": "E03F83C7-84A8-4603-BCB4-754694771550", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Buddy Zone 1.0.1 permite a atacantes remotos inyectar HTML y secuencias de comandos web de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) cat_id a (a) view_classifieds.php; (2) id en (b) view_ad.php; (3) event_id en (c) view_event.php, (d) delete_event.php y (e) edit_event.php; y (4) group_id en (f) view_group.php."}], "id": "CVE-2006-3494", "lastModified": "2024-11-21T00:13:45.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-10T22:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20933"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1209"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26979"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26980"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26981"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26982"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26983"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26984"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/26985"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26988"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26989"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26990"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26991"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26992"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26993"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438868/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440144/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18759"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2645"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26981"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/26985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438868/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440144/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27514"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}