1. CVE-Search
  2. CVE-2006-5037
ID CVE-2006-5037
Summary MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:squiz:mysource_matrix:3.8.6a:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:squiz:mysource_matrix:3.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:squiz:mysource_matrix:3.8.5:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 11-04-2024 - 00:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20060922 Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting
misc http://www.aushack.com/advisories/200607-mysourcematrix.txt
secunia 22060
sreason 1635
Last major update 11-04-2024 - 00:41
Published 27-09-2006 - 23:07
Last modified 11-04-2024 - 00:41
Back to Top