CVE-2006-6174

{"id": "CVE-2006-6174", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-30T16:28:00.000", "references": [{"url": "http://jvn.jp/jp/JVN%2347223461/index.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23092", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=638868", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30701", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/31993", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21321", "source": "cve@mitre.org"}, {"url": "http://www.tdiary.org/20061126.html", "source": "cve@mitre.org"}, {"url": "http://www.tdiary.org/download/tdiary.20061126.patch", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4722", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/jp/JVN%2347223461/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23092", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=638868", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/30701", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/31993", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21321", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.tdiary.org/20061126.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.tdiary.org/download/tdiary.20061126.patch", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4722", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tDiary en versiones anteriores a la 2.0.3 y en la versi\u00f3n 2.1.x anterior a la aparici\u00f3n del 2.1.4.20061126 permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro conf en el (1) tdiary.rb y (2) skel/conf.rhtml."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tdiary:tdiary:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D4A716-2D1B-47F0-BB24-EC8364CCD5FA"}, {"criteria": "cpe:2.3:a:tdiary:tdiary:2.1.4.2006-11-15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF7348AF-25D3-41A9-86DA-543299E8BF8D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}