cvelistv5 - cve-2006-6920

CVE-2006-6920 (GCVE-0-2006-6920)

Vulnerability from cvelistv5

Published

2007-01-11 23:00

Modified

2024-08-07 20:42

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.

References

URL

Tags

cve@mitre.org	http://jvn.jp/jp/JVN%2384656399/index.html
cve@mitre.org	http://secunia.com/advisories/22843	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017220
cve@mitre.org	http://www.nucleuscms.org/item/3044	Patch
cve@mitre.org	http://www.securityfocus.com/bid/21104
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4495
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30254
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/jp/JVN%2384656399/index.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22843	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017220
af854a3a-2127-422b-91ae-364da2661108	http://www.nucleuscms.org/item/3044	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21104
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4495
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30254

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:42:07.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-4495",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.nucleuscms.org/item/3044"
          },
          {
            "name": "nucleus-unspecified-xss(30254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
          },
          {
            "name": "22843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22843"
          },
          {
            "name": "1017220",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017220"
          },
          {
            "name": "21104",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21104"
          },
          {
            "name": "JVN#84656399",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-4495",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.nucleuscms.org/item/3044"
        },
        {
          "name": "nucleus-unspecified-xss(30254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
        },
        {
          "name": "22843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22843"
        },
        {
          "name": "1017220",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017220"
        },
        {
          "name": "21104",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21104"
        },
        {
          "name": "JVN#84656399",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6920",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-4495",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4495"
            },
            {
              "name": "http://www.nucleuscms.org/item/3044",
              "refsource": "CONFIRM",
              "url": "http://www.nucleuscms.org/item/3044"
            },
            {
              "name": "nucleus-unspecified-xss(30254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
            },
            {
              "name": "22843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22843"
            },
            {
              "name": "1017220",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017220"
            },
            {
              "name": "21104",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21104"
            },
            {
              "name": "JVN#84656399",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6920",
    "datePublished": "2007-01-11T23:00:00",
    "dateReserved": "2007-01-11T00:00:00",
    "dateUpdated": "2024-08-07T20:42:07.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-6920\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-11T23:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Nucleus versiones anteriores 3.24 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores desconocidos, posiblemente involucrando 1) lib/ADMIN.php y (2) lib/SKIN.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE87F9D-913C-4EF1-A7A8-1A99EDDD0560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.0_rc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C47D80A-5626-4F00-8E18-121963490490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D06481B-3771-4123-9189-4F759F35C692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A72C900-F30C-4660-BB69-73B374270A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2EFC77-EDE0-461C-A9FE-437F09873F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5550C6B-208E-40DD-9C4D-6B38A7EEAB8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A84E022-E9FB-4EE4-B61B-9A5E32D5D695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nucleus_cms:nucleus_cms:3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AC9611-87D9-46E3-BB43-B5DFAC71F5C2\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/jp/JVN%2384656399/index.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22843\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017220\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.nucleuscms.org/item/3044\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/21104\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4495\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30254\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/jp/JVN%2384656399/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.nucleuscms.org/item/3044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/21104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-6920

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-6920

Aliases

CVE-2006-6920

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-6920",
    "description": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.",
    "id": "GSD-2006-6920"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-6920"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.",
      "id": "GSD-2006-6920",
      "modified": "2023-12-13T01:19:54.396988Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-6920",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-4495",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4495"
          },
          {
            "name": "http://www.nucleuscms.org/item/3044",
            "refsource": "CONFIRM",
            "url": "http://www.nucleuscms.org/item/3044"
          },
          {
            "name": "nucleus-unspecified-xss(30254)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
          },
          {
            "name": "22843",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22843"
          },
          {
            "name": "1017220",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017220"
          },
          {
            "name": "21104",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21104"
          },
          {
            "name": "JVN#84656399",
            "refsource": "JVN",
            "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.0_rc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6920"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#84656399",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
            },
            {
              "name": "http://www.nucleuscms.org/item/3044",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.nucleuscms.org/item/3044"
            },
            {
              "name": "21104",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/21104"
            },
            {
              "name": "1017220",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017220"
            },
            {
              "name": "22843",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22843"
            },
            {
              "name": "ADV-2006-4495",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4495"
            },
            {
              "name": "nucleus-unspecified-xss(30254)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:29Z",
      "publishedDate": "2007-01-11T23:28Z"
    }
  }
}

cve-2006-6920

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Nucleus cross-site scripting vulnerability

Details

Nucleus, an open source content management system, contains a cross-site scripting vulnerability.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN84656399/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6920
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6920
	SECUNIA	http://secunia.com/advisories/22843
	BID	http://www.securityfocus.com/bid/21104
	XF	http://xforce.iss.net/xforce/xfdb/30254
	SECTRACK	http://securitytracker.com/id?1017220
	FRSIRT	http://www.frsirt.com/english/advisories/2006/4495

Impacted products

Vendor

Product

Nucleus

nucleus

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000777.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Nucleus, an open source content management system, contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000777.html",
  "sec:cpe": {
    "#text": "cpe:/a:nucleus_cms:nucleus",
    "@product": "nucleus",
    "@vendor": "Nucleus",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.1",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000777",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN84656399/index.html",
      "@id": "JVN#84656399",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6920",
      "@id": "CVE-2006-6920",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6920",
      "@id": "CVE-2006-6920",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/22843",
      "@id": "SA22843",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/21104",
      "@id": "21104",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/30254",
      "@id": "30254",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1017220",
      "@id": "1017220",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/4495",
      "@id": "FrSIRT/ADV-2006-4495",
      "@source": "FRSIRT"
    }
  ],
  "title": "Nucleus cross-site scripting vulnerability"
}

ghsa-2pxj-6xcx-769r

Vulnerability from github

Published

2022-05-01 07:42

Modified

2022-05-01 07:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-6920"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-11T23:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.",
  "id": "GHSA-2pxj-6xcx-769r",
  "modified": "2022-05-01T07:42:49Z",
  "published": "2022-05-01T07:42:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6920"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22843"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017220"
    },
    {
      "type": "WEB",
      "url": "http://www.nucleuscms.org/item/3044"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21104"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4495"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-6920

Vulnerability from fkie_nvd

Published

2007-01-11 23:28

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://jvn.jp/jp/JVN%2384656399/index.html
cve@mitre.org	http://secunia.com/advisories/22843	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017220
cve@mitre.org	http://www.nucleuscms.org/item/3044	Patch
cve@mitre.org	http://www.securityfocus.com/bid/21104
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4495
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30254
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/jp/JVN%2384656399/index.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22843	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017220
af854a3a-2127-422b-91ae-364da2661108	http://www.nucleuscms.org/item/3044	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21104
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4495
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30254

Impacted products

Vendor	Product	Version
nucleus_cms	nucleus_cms	3.0
nucleus_cms	nucleus_cms	3.0_rc
nucleus_cms	nucleus_cms	3.01
nucleus_cms	nucleus_cms	3.1
nucleus_cms	nucleus_cms	3.2
nucleus_cms	nucleus_cms	3.21
nucleus_cms	nucleus_cms	3.22
nucleus_cms	nucleus_cms	3.23

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE87F9D-913C-4EF1-A7A8-1A99EDDD0560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.0_rc:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C47D80A-5626-4F00-8E18-121963490490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D06481B-3771-4123-9189-4F759F35C692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A72C900-F30C-4660-BB69-73B374270A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2EFC77-EDE0-461C-A9FE-437F09873F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5550C6B-208E-40DD-9C4D-6B38A7EEAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A84E022-E9FB-4EE4-B61B-9A5E32D5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nucleus_cms:nucleus_cms:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AC9611-87D9-46E3-BB43-B5DFAC71F5C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Nucleus versiones anteriores 3.24 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores desconocidos, posiblemente involucrando 1) lib/ADMIN.php y (2) lib/SKIN.php."
    }
  ],
  "id": "CVE-2006-6920",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-11T23:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22843"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017220"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.nucleuscms.org/item/3044"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21104"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4495"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/jp/JVN%2384656399/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.nucleuscms.org/item/3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-6920 (GCVE-0-2006-6920)

Vulnerability from cvelistv5

gsd-2006-6920

Vulnerability from gsd

cve-2006-6920

Vulnerability from jvndb

ghsa-2pxj-6xcx-769r

Vulnerability from github

fkie_cve-2006-6920

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature