{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-3007", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20060608 bug of script injection in shoutcast servers", "refsource" : "BUGTRAQ", "url" : "http://marc.info/?l=bugtraq&m=114980135615062&w=2" }, { "name" : "GLSA-200607-05", "refsource" : "GENTOO", "url" : "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml" }, { "name" : "18376", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/18376" }, { "name" : "ADV-2006-2254", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/2254" }, { "name" : "20524", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/20524" }, { "name" : "21005", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21005" }, { "name" : "shoutcast-djfields-xss(27129)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129" } ] } }