
{
"id": "CVE-2006-7125",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-03-06T01:19:00.000",
"lastModified": "2024-11-21T00:24:27.143",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla BSQ Sitestats 1.8.0 y 2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la cabecera HTTP Referer, la cual no es manejada adecuadamente cuando el administrador visualiza las estad\u00edsticas del sitio."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"baseScore": 6.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD756FB-F3A0-4782-8B7E-D8B4BC6E339C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joomla:bsq_sitestats:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CBFE1D6-DA3C-48D1-8E26-27E6A532E99F"
}
]
}
]
}
],
"references": [
{
"url": "http://secunia.com/secunia_research/2006-65/advisory/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/449125/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/20614",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/4090",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29661",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/secunia_research/2006-65/advisory/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/449125/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/20614",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/4090",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29661",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
],
"evaluatorImpact": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled.\r\n"
}