CVE-2006-2106
published 2006-04-29CVE-2006-2106: Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
1.37%
68.5th percentile
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | trac | < trac 0.9.5-1 (sid) | trac 0.9.5-1 (sid) |
| edgewall_software | trac | — | — |
| edgewall_software | trac | >= 0 < 0.9.5-1 | 0.9.5-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2006-2106: trac - Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and ear...
vendor_debian·2006·CVSS 4.3
CVE-2006-2106 [MEDIUM] CVE-2006-2106: trac - Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and ear...
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
Scope: local
sid: resolved (fixed in 0.9.5-1)
trixie: resolved (fixed in 0.9.5-1)
GHSA
GHSA-hg82-r34f-j85v: Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0
ghsa_unreviewed·2022-05-01
CVE-2006-2106 [MEDIUM] GHSA-hg82-r34f-j85v: Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
OSV
CVE-2006-2106: Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0
osv·2006-04-29·CVSS 4.3
CVE-2006-2106 [MEDIUM] CVE-2006-2106: Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/jp/JVN%2384091359/index.htmlhttp://secunia.com/advisories/19870http://securitytracker.com/id?1015986http://www.edgewall.com/blog/news/trac_0_9_5.htmlhttp://www.securityfocus.com/bid/17741http://www.vupen.com/english/advisories/2006/1557https://exchange.xforce.ibmcloud.com/vulnerabilities/26125http://jvn.jp/jp/JVN%2384091359/index.htmlhttp://secunia.com/advisories/19870http://securitytracker.com/id?1015986http://www.edgewall.com/blog/news/trac_0_9_5.htmlhttp://www.securityfocus.com/bid/17741http://www.vupen.com/english/advisories/2006/1557https://exchange.xforce.ibmcloud.com/vulnerabilities/26125
2006-04-29
Published