cvelistv5 - cve-2006-3007

CVE-2006-3007 (GCVE-0-2006-3007)

Vulnerability from cvelistv5 – Published: 2006-06-13 10:00 – Updated: 2024-08-07 18:16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2006/2254	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/20524	third-party-advisoryx_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/21005	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=114980135615062&w=2	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/18376	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:16:05.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-2254",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2254"
          },
          {
            "name": "20524",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20524"
          },
          {
            "name": "GLSA-200607-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
          },
          {
            "name": "21005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21005"
          },
          {
            "name": "20060608 bug of script injection in shoutcast servers",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
          },
          {
            "name": "shoutcast-djfields-xss(27129)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
          },
          {
            "name": "18376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18376"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-2254",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2254"
        },
        {
          "name": "20524",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20524"
        },
        {
          "name": "GLSA-200607-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
        },
        {
          "name": "21005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21005"
        },
        {
          "name": "20060608 bug of script injection in shoutcast servers",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
        },
        {
          "name": "shoutcast-djfields-xss(27129)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
        },
        {
          "name": "18376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18376"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-2254",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2254"
            },
            {
              "name": "20524",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20524"
            },
            {
              "name": "GLSA-200607-05",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
            },
            {
              "name": "21005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21005"
            },
            {
              "name": "20060608 bug of script injection in shoutcast servers",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
            },
            {
              "name": "shoutcast-djfields-xss(27129)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
            },
            {
              "name": "18376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18376"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3007",
    "datePublished": "2006-06-13T10:00:00",
    "dateReserved": "2006-06-12T00:00:00",
    "dateUpdated": "2024-08-07T18:16:05.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"8F6BDC78-C016-43CA-A0FC-D3872F4A3874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*\", \"matchCriteriaId\": \"440E9595-71EE-42B5-8F81-3C63AC2040ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*\", \"matchCriteriaId\": \"E508D922-3817-4BD3-A4D5-B6981F10BDFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"C08E8A3C-A83F-4339-AC5B-B8EC896B70A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*\", \"matchCriteriaId\": \"4A842C27-A792-4483-92EF-7CD08507C246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"B703039B-1EC8-41D2-8365-CA7359BFDFE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*\", \"matchCriteriaId\": \"EE770672-FF5D-41F7-A1CF-35811EF8098C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*\", \"matchCriteriaId\": \"7C138869-BAFB-49EF-A6F9-F3F70D0A4D11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"5199CE97-4B9A-4515-979F-7629F7E24842\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*\", \"matchCriteriaId\": \"7A4E885A-D64C-41E6-8F79-3569C7E95642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*\", \"matchCriteriaId\": \"BC4BF564-908B-4996-A3AF-0D73C2C80283\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"57E21195-8378-48D2-B337-BCFF2822A4E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*\", \"matchCriteriaId\": \"F0893B1F-D8E5-4980-A524-4639325DA101\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*\", \"matchCriteriaId\": \"6906F523-05B2-48C5-82F9-CE4520F3BF79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en SHOUTcast 1.9.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de los campos DJ (1) Description, (2) URL, (3) Genre, (4) AIM y (5) ICQ.\"}]",
      "id": "CVE-2006-3007",
      "lastModified": "2024-11-21T00:12:36.350",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-06-13T10:02:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20524\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21005\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18376\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2254\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27129\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18376\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3007\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-13T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en SHOUTcast 1.9.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los campos DJ (1) Description, (2) URL, (3) Genre, (4) AIM y (5) ICQ.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"8F6BDC78-C016-43CA-A0FC-D3872F4A3874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"440E9595-71EE-42B5-8F81-3C63AC2040ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*\",\"matchCriteriaId\":\"E508D922-3817-4BD3-A4D5-B6981F10BDFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C08E8A3C-A83F-4339-AC5B-B8EC896B70A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*\",\"matchCriteriaId\":\"4A842C27-A792-4483-92EF-7CD08507C246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"B703039B-1EC8-41D2-8365-CA7359BFDFE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"EE770672-FF5D-41F7-A1CF-35811EF8098C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"7C138869-BAFB-49EF-A6F9-F3F70D0A4D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"5199CE97-4B9A-4515-979F-7629F7E24842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*\",\"matchCriteriaId\":\"7A4E885A-D64C-41E6-8F79-3569C7E95642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"BC4BF564-908B-4996-A3AF-0D73C2C80283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"57E21195-8378-48D2-B337-BCFF2822A4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*\",\"matchCriteriaId\":\"F0893B1F-D8E5-4980-A524-4639325DA101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"6906F523-05B2-48C5-82F9-CE4520F3BF79\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18376\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2254\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27129\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-X35J-7W62-P96M

Vulnerability from github – Published: 2022-05-01 07:04 – Updated: 2022-05-01 07:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3007"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-13T10:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.",
  "id": "GHSA-x35j-7w62-p96m",
  "modified": "2022-05-01T07:04:40Z",
  "published": "2022-05-01T07:04:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3007"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20524"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21005"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18376"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-3007

Vulnerability from fkie_nvd - Published: 2006-06-13 10:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=114980135615062&w=2
cve@mitre.org	http://secunia.com/advisories/20524	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21005
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml
cve@mitre.org	http://www.securityfocus.com/bid/18376
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2254
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27129
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=114980135615062&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20524	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21005
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18376
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2254
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27129

Impacted products

Vendor	Product	Version
nullsoft	shoutcast_server	1.7.1
nullsoft	shoutcast_server	1.8.3
nullsoft	shoutcast_server	1.8.9
nullsoft	shoutcast_server	1.8.9
nullsoft	shoutcast_server	1.8.9
nullsoft	shoutcast_server	1.8.9
nullsoft	shoutcast_server	1.8.9
nullsoft	shoutcast_server	1.9.2
nullsoft	shoutcast_server	1.9.4
nullsoft	shoutcast_server	1.9.4
nullsoft	shoutcast_server	1.9.4
nullsoft	shoutcast_server	1.9.5
nullsoft	shoutcast_server	1.9.5
nullsoft	shoutcast_server	1.9.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "8F6BDC78-C016-43CA-A0FC-D3872F4A3874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*",
              "matchCriteriaId": "440E9595-71EE-42B5-8F81-3C63AC2040ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*",
              "matchCriteriaId": "E508D922-3817-4BD3-A4D5-B6981F10BDFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*",
              "matchCriteriaId": "C08E8A3C-A83F-4339-AC5B-B8EC896B70A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "4A842C27-A792-4483-92EF-7CD08507C246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "B703039B-1EC8-41D2-8365-CA7359BFDFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*",
              "matchCriteriaId": "EE770672-FF5D-41F7-A1CF-35811EF8098C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*",
              "matchCriteriaId": "7C138869-BAFB-49EF-A6F9-F3F70D0A4D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*",
              "matchCriteriaId": "5199CE97-4B9A-4515-979F-7629F7E24842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "7A4E885A-D64C-41E6-8F79-3569C7E95642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*",
              "matchCriteriaId": "BC4BF564-908B-4996-A3AF-0D73C2C80283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*",
              "matchCriteriaId": "57E21195-8378-48D2-B337-BCFF2822A4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "F0893B1F-D8E5-4980-A524-4639325DA101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*",
              "matchCriteriaId": "6906F523-05B2-48C5-82F9-CE4520F3BF79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en SHOUTcast 1.9.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los campos DJ (1) Description, (2) URL, (3) Genre, (4) AIM y (5) ICQ."
    }
  ],
  "id": "CVE-2006-3007",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-13T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18376"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2254"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-3007

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3007

Aliases

CVE-2006-3007

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3007",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.",
    "id": "GSD-2006-3007"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3007"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.",
      "id": "GSD-2006-3007",
      "modified": "2023-12-13T01:19:56.818604Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3007",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-2254",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2254"
          },
          {
            "name": "20524",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20524"
          },
          {
            "name": "GLSA-200607-05",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
          },
          {
            "name": "21005",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21005"
          },
          {
            "name": "20060608 bug of script injection in shoutcast servers",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
          },
          {
            "name": "shoutcast-djfields-xss(27129)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
          },
          {
            "name": "18376",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18376"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3007"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18376",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18376"
            },
            {
              "name": "20524",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20524"
            },
            {
              "name": "GLSA-200607-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
            },
            {
              "name": "21005",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21005"
            },
            {
              "name": "ADV-2006-2254",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2254"
            },
            {
              "name": "20060608 bug of script injection in shoutcast servers",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=114980135615062\u0026w=2"
            },
            {
              "name": "shoutcast-djfields-xss(27129)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:31Z",
      "publishedDate": "2006-06-13T10:02Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3007 (GCVE-0-2006-3007)

GHSA-X35J-7W62-P96M

FKIE_CVE-2006-3007

GSD-2006-3007

Tags

Sightings

Nomenclature