CVE-2006-5036
published 2006-09-27
CVE-2006-5036: MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter…
Priority P4 · 20 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.25% (65.7th percentile)
MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squiz | mysource_classic | <= 2.16.2 | — |
| squiz | mysource_matrix | <= 3.8 | — |
VulDB
Squiz Mysource Classic up to 3.8 HTTP Proxy Server sq_remote_page_url cross site scripting (XFDB-29112 / BID-20153)
vuldb·2026-04-23·CVSS 6.8
CVE-2006-5036 [MEDIUM] Squiz Mysource Classic up to 3.8 HTTP Proxy Server sq_remote_page_url cross site scripting (XFDB-29112 / BID-20153)
A vulnerability, which was classified as problematic, was found in Squiz Mysource Classic up to 3.8. This affects an unknown part of the component HTTP Proxy Server. The manipulation of the argument sq_remote_page_url results in basic cross site scripting.
This vulnerability is identified as CVE-2006-5036. The attack can be executed remotely. There is not any exploit available.
The existence of this vulnerability is still disputed at present.
GHSA
GHSA-56wg-2vx4-q6pc: ** DISPUTED ** MySource Matrix 3
ghsa_unreviewed·2022-05-01
CVE-2006-5036 [MEDIUM] GHSA-56wg-2vx4-q6pc: ** DISPUTED ** MySource Matrix 3
** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/22060
http://securityreason.com/securityalert/1635
http://www.aushack.com/advisories/200607-mysourcematrix.txt
http://www.securityfocus.com/archive/1/446722/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29112
Published: 2006-09-27