fkie_nvd - fkie_cve-2006-4453

fkie_cve-2006-4453

Vulnerability from fkie_nvd

Published

2006-08-30 16:04

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21667	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/28268
cve@mitre.org	http://www.pmichaud.com/wiki/PmWiki/ChangeLog
cve@mitre.org	http://www.securityfocus.com/bid/19747
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21667	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/28268
af854a3a-2127-422b-91ae-364da2661108	http://www.pmichaud.com/wiki/PmWiki/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19747

Impacted products

Vendor	Product	Version
pmwiki	pmwiki	2.1.0
pmwiki	pmwiki	2.1.1
pmwiki	pmwiki	2.1.2
pmwiki	pmwiki	2.1.3
pmwiki	pmwiki	2.1.4
pmwiki	pmwiki	2.1.5
pmwiki	pmwiki	2.1.6
pmwiki	pmwiki	2.1.7
pmwiki	pmwiki	2.1.8
pmwiki	pmwiki	2.1.9
pmwiki	pmwiki	2.1.10
pmwiki	pmwiki	2.1.11
pmwiki	pmwiki	2.1.12
pmwiki	pmwiki	2.1.13
pmwiki	pmwiki	2.1.14
pmwiki	pmwiki	2.1.15
pmwiki	pmwiki	2.1.16
pmwiki	pmwiki	2.1.17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5F0FD1-2CAB-4E05-AF19-79D3E5B5F681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "96773E69-5182-4046-B29C-7BEF6653786A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "365F50C3-05F7-41A3-AE93-366DBBC829B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D440EFA-606A-402D-8F12-86E5B9C03CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D6BE6E-A13F-48B2-9813-8C0C94C8E2CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5DB117C-E330-4CFE-B4E0-3C39A3DF1E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F50EACAA-54D7-4C15-87A2-BD68C222446F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CDAFF6-C979-466C-914D-E6C03200C051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4581490-B665-407C-BEB9-51F1266A4ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC20F93E-F83E-4625-B79D-CCE49D43E9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F0F3638-4F2E-4790-AFA9-C68C2F298A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18FE5BE-A80B-4858-9E4F-E25C693F4B44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en PmWiki anterior a 2.1.18 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados que abarcan \"tabla de markups\"."
    }
  ],
  "id": "CVE-2006-4453",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-30T16:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21667"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28268"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19747"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-4453 (GCVE-0-2006-4453)

Vulnerability from cvelistv5

Published

2006-08-30 15:00