Executive Summary

Informations
Name CVE-2006-3366 First vendor Publication 2006-07-06
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3366

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
26725 V3 Chat Instant Messenger Profile Edit Filter Bypass XSS
26724 V3 Chat Instant Messenger expire.php cust_name Parameter XSS
26723 V3 Chat Instant Messenger profileview.php membername Parameter XSS
26722 V3 Chat Instant Messenger profile.php site_id Parameter XSS
26721 V3 Chat Instant Messenger search.php Multiple Parameter XSS
26720 V3 Chat Instant Messenger online.php site_id Parameter XSS
26719 V3 Chat Instant Messenger is_online.php login_id Parameter XSS
26718 V3 Chat Instant Messenger mail/reply.php id Parameter XSS
26717 V3 Chat Instant Messenger mail/index.php id Parameter XSS

Sources (Detail)

http://securitytracker.com/id?1016340
http://www.securityfocus.com/archive/1/437755/100/200/threaded
http://www.securityfocus.com/archive/1/438069/100/200/threaded
http://www.securityfocus.com/bid/18543
http://www.vupen.com/english/advisories/2006/2474
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2024-11-28 23:20:04
  • Multiple Updates
2024-11-28 12:09:23
  • Multiple Updates
2021-05-04 12:04:15
  • Multiple Updates
2021-04-22 01:04:53
  • Multiple Updates
2020-05-23 00:18:02
  • Multiple Updates
2018-10-18 21:20:13
  • Multiple Updates
2013-05-11 11:01:56
  • Multiple Updates