Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-2420

EPSS 0.69% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-2420

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bugzilla RSS阅读器 跨站脚本(XSS) 攻击
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bugzilla 2.20rc1到2.20 和 2.21.1在使用RSS 1.0时,可以使远程攻击者借助带有HTML编码的">"等序列的,可由某些RSS阅读器自动解码的标题元素,进行跨站脚本(XSS) 攻击。注意:此问题不在于Bugzilla自身,而是由RSS内的设计或文档不一致,或RSS阅读器中的执行漏洞所致。虽然这种问题一般不纳入CVE,但由于Bugzilla开发者已经作了处理,所以对此进行了认定。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-2420

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-2420

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-05-16 · 31 CVEs total

CVE-2006-2390OZJournals 注释功能 跨站脚本攻击(XSS) 漏洞
CVE-2006-2404RadScripts RadLance Popup.PHP 目录遍历漏洞
CVE-2006-2403FileZilla 未明缓冲区溢出漏洞
CVE-2006-2402Outgun servernet.cpp changeRegistration函数 缓冲区溢出
CVE-2006-2401Outgun leetnet函数 拒绝服务漏洞
CVE-2006-2400Outgun leetnet函数 拒绝服务漏洞
CVE-2006-2399Outgun servnet.cpp 堆栈缓冲区溢出漏洞
CVE-2006-2398GPhotos index.php 目录遍历漏洞
CVE-2006-2397Gphotos 多个跨站脚本攻击(XSS) 漏洞
CVE-2006-2396PHPODP browse参数 跨站脚本攻击漏洞
CVE-2006-2395PopSoft Digital PopPhoto Studio popp.config.loader.inc.php PHP远程文件包含漏洞
CVE-2006-2394PHP Live Helper Chat.PHP 跨站脚本攻击漏洞
CVE-2006-2393Empire client_cmd 函数 拒绝服务漏洞
CVE-2006-2392PHP Blue Dragon Platinum popup_finduser.php PHP远程文件包含漏洞
CVE-2006-2391EMC Dantz Retrospect 客户端 远程缓冲区溢出漏洞
CVE-2006-2405Unclassified NewsBoard abbc.conf.php 目录遍历漏洞
CVE-2006-2419Directory Listing index.php 跨站脚本攻击(XSS)漏洞
CVE-2006-2418phpMyAdmin 未明跨站脚本攻击(XSS)漏洞
CVE-2006-2417phpMyAdmin 多个跨站脚本攻击漏洞
CVE-2006-2416e107 class2.php SQL注入漏洞

Showing top 20 of 31 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-2420

No comments yet

Leave a comment