CVE-2006-6386

{"id": "CVE-2006-6386", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-08T01:28:00.000", "references": [{"url": "http://drupal.org/node/101540", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23261", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21455", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4870", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30748", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/101540", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23261", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21455", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4870", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30748", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el administrador/seguidor de CVS 4,7.x-1.0, 4.7.x-2.0, y 4.7.0 (anterior al sistema de publicaci\u00f3n de contribuciones del 07/08/2006) para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo motivation en la p\u00e1gina de solicitud CVS, la cual no se pasa por check_markup (comprobar etiquetado) al mostrarse."}], "lastModified": "2024-11-21T00:22:33.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD84146-FAAF-48C6-8DBB-9F2B8141AAA5"}, {"criteria": "cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E53FC4-411F-4C79-84C3-9B8627FF871C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}